openapi: 3.0.3
info:
  title: Kuma API
  description: Kuma API
  version: v1alpha1
  x-ref-schema-name: MeshTrafficPermission
paths:
  /_resources:
    get:
      operationId: get-resource-type-description
      summary: A list of all resources that exist
      description: Returns a Global Insight object
      tags:
        - System
      responses:
        '200':
          $ref: '#/components/responses/ResourceTypeDescriptionListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/InternalServerError'
  /global-insight:
    get:
      operationId: get-global-insight
      description: Returns a Global Insight object
      summary: Get Global Insight
      tags:
        - GlobalInsight
      responses:
        '200':
          $ref: '#/components/responses/GlobalInsightResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/InternalServerError'
  /meshes/{mesh}/{resourceType}/{resourceName}/_rules:
    get:
      operationId: inspect-dataplanes-rules
      summary: Returns rules matching this dataplane
      description: Returns rules matching this dataplane
      tags:
        - Inspect
      parameters:
        - in: path
          name: mesh
          example: default
          schema:
            type: string
          required: true
          description: The mesh the policy is part of
        - in: path
          name: resourceType
          example: dataplanes
          schema:
            type: string
            enum:
              - dataplanes
              - meshgateways
          description: The type of resource (only some resources support rules api)
        - in: path
          name: resourceName
          example: my-dp
          schema:
            type: string
          required: true
          description: The name of the resource
      responses:
        '200':
          $ref: '#/components/responses/InspectRulesResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/InternalServerError'
  /meshes/{mesh}/{policyType}/{policyName}/_resources/dataplanes:
    get:
      operationId: inspect-resources
      summary: Returns resources matched by this policy
      description: >-
        Returns resources matched by this policy. In the case of `targetRef`
        policies we'll match using the top level `targetRef`
      tags:
        - Inspect
      parameters:
        - in: path
          name: mesh
          example: default
          schema:
            type: string
          required: true
          description: The mesh the policy is part of
        - in: path
          name: policyType
          example: meshretries
          schema:
            type: string
          required: true
          description: The type of the policy
        - in: path
          name: policyName
          example: retry-all
          schema:
            type: string
          required: true
          description: The type of the policy
        - in: query
          name: size
          schema:
            type: integer
          required: false
          description: The max number of items to return
        - in: query
          name: offset
          schema:
            type: integer
          required: false
          description: The offset of result
        - in: query
          name: name
          schema:
            type: string
          required: false
          description: A sub string to filter resources by name
      responses:
        '200':
          $ref: '#/components/responses/InspectDataplanesForPolicyResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/InternalServerError'
  /meshes/{mesh}/meshaccesslogs/{name}:
    get:
      summary: Returns MeshAccessLog entity
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshAccessLog
      responses:
        '200':
          $ref: '#/components/responses/MeshAccessLogItem'
    put:
      summary: Creates or Updates MeshAccessLog entity
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshAccessLog
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshAccessLogItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshAccessLog entity
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshAccessLog
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshaccesslogs:
    get:
      summary: Returns a list of MeshAccessLog in the mesh.
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshAccessLogList'
  /meshes/{mesh}/meshcircuitbreakers/{name}:
    get:
      summary: Returns MeshCircuitBreaker entity
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshCircuitBreaker
      responses:
        '200':
          $ref: '#/components/responses/MeshCircuitBreakerItem'
    put:
      summary: Creates or Updates MeshCircuitBreaker entity
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshCircuitBreaker
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshCircuitBreakerItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshCircuitBreaker entity
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshCircuitBreaker
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshcircuitbreakers:
    get:
      summary: Returns a list of MeshCircuitBreaker in the mesh.
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshCircuitBreakerList'
  /meshes/{mesh}/meshfaultinjections/{name}:
    get:
      summary: Returns MeshFaultInjection entity
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshFaultInjection
      responses:
        '200':
          $ref: '#/components/responses/MeshFaultInjectionItem'
    put:
      summary: Creates or Updates MeshFaultInjection entity
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshFaultInjection
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshFaultInjectionItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshFaultInjection entity
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshFaultInjection
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshfaultinjections:
    get:
      summary: Returns a list of MeshFaultInjection in the mesh.
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshFaultInjectionList'
  /meshes/{mesh}/meshhealthchecks/{name}:
    get:
      summary: Returns MeshHealthCheck entity
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHealthCheck
      responses:
        '200':
          $ref: '#/components/responses/MeshHealthCheckItem'
    put:
      summary: Creates or Updates MeshHealthCheck entity
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHealthCheck
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshHealthCheckItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshHealthCheck entity
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHealthCheck
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshhealthchecks:
    get:
      summary: Returns a list of MeshHealthCheck in the mesh.
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshHealthCheckList'
  /meshes/{mesh}/meshhttproutes/{name}:
    get:
      summary: Returns MeshHTTPRoute entity
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHTTPRoute
      responses:
        '200':
          $ref: '#/components/responses/MeshHTTPRouteItem'
    put:
      summary: Creates or Updates MeshHTTPRoute entity
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHTTPRoute
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshHTTPRouteItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshHTTPRoute entity
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHTTPRoute
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshhttproutes:
    get:
      summary: Returns a list of MeshHTTPRoute in the mesh.
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshHTTPRouteList'
  /meshes/{mesh}/meshloadbalancingstrategies/{name}:
    get:
      summary: Returns MeshLoadBalancingStrategy entity
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshLoadBalancingStrategy
      responses:
        '200':
          $ref: '#/components/responses/MeshLoadBalancingStrategyItem'
    put:
      summary: Creates or Updates MeshLoadBalancingStrategy entity
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshLoadBalancingStrategy
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshLoadBalancingStrategyItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshLoadBalancingStrategy entity
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshLoadBalancingStrategy
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshloadbalancingstrategies:
    get:
      summary: Returns a list of MeshLoadBalancingStrategy in the mesh.
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshLoadBalancingStrategyList'
  /meshes/{mesh}/meshmetrics/{name}:
    get:
      summary: Returns MeshMetric entity
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshMetric
      responses:
        '200':
          $ref: '#/components/responses/MeshMetricItem'
    put:
      summary: Creates or Updates MeshMetric entity
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshMetric
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshMetricItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshMetric entity
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshMetric
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshmetrics:
    get:
      summary: Returns a list of MeshMetric in the mesh.
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshMetricList'
  /meshes/{mesh}/meshproxypatches/{name}:
    get:
      summary: Returns MeshProxyPatch entity
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshProxyPatch
      responses:
        '200':
          $ref: '#/components/responses/MeshProxyPatchItem'
    put:
      summary: Creates or Updates MeshProxyPatch entity
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshProxyPatch
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshProxyPatchItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshProxyPatch entity
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshProxyPatch
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshproxypatches:
    get:
      summary: Returns a list of MeshProxyPatch in the mesh.
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshProxyPatchList'
  /meshes/{mesh}/meshratelimits/{name}:
    get:
      summary: Returns MeshRateLimit entity
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRateLimit
      responses:
        '200':
          $ref: '#/components/responses/MeshRateLimitItem'
    put:
      summary: Creates or Updates MeshRateLimit entity
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRateLimit
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshRateLimitItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshRateLimit entity
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRateLimit
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshratelimits:
    get:
      summary: Returns a list of MeshRateLimit in the mesh.
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshRateLimitList'
  /meshes/{mesh}/meshretries/{name}:
    get:
      summary: Returns MeshRetry entity
      tags:
        - MeshRetry
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRetry
      responses:
        '200':
          $ref: '#/components/responses/MeshRetryItem'
    put:
      summary: Creates or Updates MeshRetry entity
      tags:
        - MeshRetry
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRetry
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshRetryItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshRetry entity
      tags:
        - MeshRetry
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRetry
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshretries:
    get:
      summary: Returns a list of MeshRetry in the mesh.
      tags:
        - MeshRetry
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshRetryList'
  /meshes/{mesh}/meshtcproutes/{name}:
    get:
      summary: Returns MeshTCPRoute entity
      tags:
        - MeshTCPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTCPRoute
      responses:
        '200':
          $ref: '#/components/responses/MeshTCPRouteItem'
    put:
      summary: Creates or Updates MeshTCPRoute entity
      tags:
        - MeshTCPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTCPRoute
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshTCPRouteItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshTCPRoute entity
      tags:
        - MeshTCPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTCPRoute
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshtcproutes:
    get:
      summary: Returns a list of MeshTCPRoute in the mesh.
      tags:
        - MeshTCPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshTCPRouteList'
  /meshes/{mesh}/meshtimeouts/{name}:
    get:
      summary: Returns MeshTimeout entity
      tags:
        - MeshTimeout
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTimeout
      responses:
        '200':
          $ref: '#/components/responses/MeshTimeoutItem'
    put:
      summary: Creates or Updates MeshTimeout entity
      tags:
        - MeshTimeout
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTimeout
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshTimeoutItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshTimeout entity
      tags:
        - MeshTimeout
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTimeout
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshtimeouts:
    get:
      summary: Returns a list of MeshTimeout in the mesh.
      tags:
        - MeshTimeout
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshTimeoutList'
  /meshes/{mesh}/meshtraces/{name}:
    get:
      summary: Returns MeshTrace entity
      tags:
        - MeshTrace
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTrace
      responses:
        '200':
          $ref: '#/components/responses/MeshTraceItem'
    put:
      summary: Creates or Updates MeshTrace entity
      tags:
        - MeshTrace
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTrace
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshTraceItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshTrace entity
      tags:
        - MeshTrace
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTrace
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshtraces:
    get:
      summary: Returns a list of MeshTrace in the mesh.
      tags:
        - MeshTrace
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshTraceList'
  /meshes/{mesh}/meshtrafficpermissions/{name}:
    get:
      summary: Returns MeshTrafficPermission entity
      tags:
        - MeshTrafficPermission
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTrafficPermission
      responses:
        '200':
          $ref: '#/components/responses/MeshTrafficPermissionItem'
    put:
      summary: Creates or Updates MeshTrafficPermission entity
      tags:
        - MeshTrafficPermission
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTrafficPermission
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshTrafficPermissionItem'
      responses:
        '200':
          description: Updated
        '201':
          description: Created
    delete:
      summary: Deletes MeshTrafficPermission entity
      tags:
        - MeshTrafficPermission
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshTrafficPermission
      responses:
        '200':
          description: Successful response
  /meshes/{mesh}/meshtrafficpermissions:
    get:
      summary: Returns a list of MeshTrafficPermission in the mesh.
      tags:
        - MeshTrafficPermission
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshTrafficPermissionList'
components:
  schemas:
    ResourceTypeDescriptionList:
      type: object
      title: ResourceTypeDescriptionList
      description: A list of all resources install
      required:
        - resources
      properties:
        resources:
          type: array
          items:
            $ref: '#/components/schemas/ResourceTypeDescription'
    InspectDataplanesForPolicy:
      type: object
      title: InspectDataplanesForPolicy
      description: A list of proxies
      required:
        - total
        - items
      properties:
        total:
          type: integer
          example: 200
        next:
          type: string
        items:
          type: array
          items:
            $ref: '#/components/schemas/Meta'
    InspectRules:
      type: object
      title: InspectRules
      description: A list of rules for a dataplane
      required:
        - rules
        - resource
        - httpMatches
      properties:
        resource:
          $ref: '#/components/schemas/Meta'
        rules:
          type: array
          items:
            $ref: '#/components/schemas/InspectRule'
        httpMatches:
          type: array
          items:
            $ref: '#/components/schemas/HttpMatch'
    BaseStatus:
      type: object
      title: Status
      required:
        - online
        - total
      properties:
        online:
          type: integer
          example: 10
        total:
          type: integer
          example: 30
    FullStatus:
      allOf:
        - $ref: '#/components/schemas/BaseStatus'
        - type: object
          required:
            - offline
            - partiallyDegraded
          properties:
            offline:
              type: integer
              example: 15
            partiallyDegraded:
              type: integer
              example: 5
    ServicesStats:
      type: object
      title: ServicesStats
      description: Services statistics
      required:
        - total
        - internal
        - external
        - gatewayBuiltin
        - gatewayDelegated
      properties:
        internal:
          description: Internal services statistics
          allOf:
            - $ref: '#/components/schemas/FullStatus'
        external:
          type: object
          description: External services statistics
          required:
            - total
          properties:
            total:
              type: integer
              example: 5
        gatewayBuiltin:
          description: Builtin Gateway services statistics
          allOf:
            - $ref: '#/components/schemas/FullStatus'
        gatewayDelegated:
          description: Delegated Gateway services statistics
          allOf:
            - $ref: '#/components/schemas/FullStatus'
    ZonesStats:
      type: object
      title: Zones Stats
      description: Zone statistics
      required:
        - controlPlanes
        - zoneEgresses
        - zoneIngresses
      properties:
        controlPlanes:
          description: Control Planes statistics
          allOf:
            - $ref: '#/components/schemas/BaseStatus'
        zoneEgresses:
          description: Zone Egresses statistics
          allOf:
            - $ref: '#/components/schemas/BaseStatus'
        zoneIngresses:
          description: Zone Ingresses statistics
          allOf:
            - $ref: '#/components/schemas/BaseStatus'
    DataplanesStats:
      type: object
      title: Dataplanes Stats
      description: Dataplanes statistics
      required:
        - standard
        - gatewayBuiltin
        - gatewayDelegated
      properties:
        standard:
          description: Standard dataplane proxy statistics
          allOf:
            - $ref: '#/components/schemas/FullStatus'
        gatewayBuiltin:
          description: Builtin Gateway dataplane proxy statistics
          allOf:
            - $ref: '#/components/schemas/FullStatus'
        gatewayDelegated:
          description: Delegated Gateway dataplane proxy statistics
          allOf:
            - $ref: '#/components/schemas/FullStatus'
    PoliciesStats:
      type: object
      title: Policies Stats
      description: Policies statistics
      required:
        - total
      properties:
        total:
          type: integer
          description: Number of policies
          example: 30
    MeshesStats:
      type: object
      title: Meshes Stats
      description: Mesh statistics
      required:
        - total
      properties:
        total:
          type: integer
          description: Number of meshes
          example: 3
    GlobalInsight:
      type: object
      title: GlobalInsight
      description: Global Insight contains statistics for all main resources
      required:
        - createdAt
        - services
        - zones
        - dataplanes
        - policies
        - meshes
      properties:
        createdAt:
          type: string
          description: Time of Global Insight creation
          format: date-time
          example: '2023-01-11T02:30:42.227Z'
        services:
          description: Mesh services statistics
          allOf:
            - $ref: '#/components/schemas/ServicesStats'
        zones:
          description: Zones statistics
          allOf:
            - $ref: '#/components/schemas/ZonesStats'
        dataplanes:
          description: Dataplane proxy statistics
          allOf:
            - $ref: '#/components/schemas/DataplanesStats'
        policies:
          description: Policies statistics
          allOf:
            - $ref: '#/components/schemas/PoliciesStats'
        meshes:
          description: Mesh statistics
          allOf:
            - $ref: '#/components/schemas/MeshesStats'
    PolicyDescription:
      type: object
      required:
        - hasToTargetRef
        - hasFromTargetRef
        - isTargetRef
      description: information about a policy
      properties:
        isTargetRef:
          description: whether this policy uses targetRef matching
          type: boolean
        hasToTargetRef:
          description: indicates that this policy can be used as an outbound policy
          type: boolean
        hasFromTargetRef:
          description: indicates that this policy can be used as an inbound policy
          type: boolean
    ResourceTypeDescription:
      description: >-
        Description of a resource type, this is useful for dynamically generated
        clients and the gui
      type: object
      required:
        - name
        - scope
        - readOnly
        - path
        - singularDisplayName
        - pluralDisplayName
        - includeInFederation
      properties:
        name:
          description: the name of the resource type
          type: string
        scope:
          type: string
          enum:
            - Global
            - Mesh
        readOnly:
          type: boolean
        path:
          description: >-
            the path to use for accessing this resource. If scope is `Global`
            then it will be `/<path>` otherwise it will be `/meshes/<path>`
          type: string
        singularDisplayName:
          type: string
        pluralDisplayName:
          type: string
        includeInFederation:
          description: >-
            description resources of this type should be included in
            federetion-with-policies export profile (especially useful for
            moving from non-federated to federated or migrating to a new
            global).
          type: boolean
        policy:
          $ref: '#/components/schemas/PolicyDescription'
    InvalidParameters:
      type: object
      title: Invalid Parameters
      properties:
        field:
          type: string
        reason:
          type: string
        rule:
          type: string
        choices:
          type: array
          items:
            type: string
    Error:
      type: object
      title: Error
      description: standard error
      x-examples:
        Example 1:
          status: 404
          title: Not Found
          type: https://kongapi.info/konnect/not-found
          instance: portal:trace:2287285207635123011
          detail: The requested document was not found
      required:
        - status
        - title
        - instance
      properties:
        status:
          type: integer
          description: The HTTP status code.
          example: 404
        title:
          type: string
          description: The error response code.
          example: Not Found
        type:
          type: string
          description: The error type.
          example: Not Found
        instance:
          type: string
          example: portal:trace:2287285207635123011
          description: The portal traceback code
        detail:
          type: string
          example: The requested team was not found
          description: Details about the error.
        invalid_parameters:
          type: array
          description: TODO
          items:
            $ref: '#/components/schemas/InvalidParameters'
    Meta:
      type: object
      required:
        - type
        - mesh
        - name
      properties:
        type:
          type: string
          example: Dataplane
          description: the type of this resource
        mesh:
          type: string
          example: default
          description: the mesh this resource is part of
        name:
          type: string
          example: my-resource
          description: the name of the resource
    ProxyRule:
      type: object
      required:
        - conf
        - origin
      properties:
        conf:
          description: The actual conf generated
          type: object
          x-go-type: interface{}
        origin:
          type: array
          items:
            $ref: '#/components/schemas/Meta'
    RuleMatcher:
      type: object
      required:
        - key
        - value
        - not
      description: A matcher to select which traffic this conf applies to
      properties:
        key:
          type: string
          description: the key to match against
          example: kuma.io/service
        value:
          type: string
          description: the value for the key to match against
          example: my-cool-service
        not:
          type: boolean
          description: whether we check on the absence of this key:value pair
    Rule:
      type: object
      required:
        - matchers
        - conf
        - origin
      properties:
        matchers:
          type: array
          items:
            $ref: '#/components/schemas/RuleMatcher'
        conf:
          description: The actual conf generated
          type: object
          x-go-type: interface{}
        origin:
          type: array
          items:
            $ref: '#/components/schemas/Meta'
    Inbound:
      type: object
      required:
        - tags
        - port
      properties:
        tags:
          type: object
          x-go-type: map[string]string
        port:
          type: integer
    FromRule:
      type: object
      required:
        - rules
        - inbound
      properties:
        inbound:
          $ref: '#/components/schemas/Inbound'
        rules:
          type: array
          items:
            $ref: '#/components/schemas/Rule'
    InspectRule:
      type: object
      required:
        - type
      properties:
        type:
          type: string
          example: MeshRetry
          description: the type of the policy
        proxyRule:
          description: a rule that affects the entire proxy
          $ref: '#/components/schemas/ProxyRule'
        toRules:
          type: array
          description: a set of rules for the outbounds of this proxy
          items:
            $ref: '#/components/schemas/Rule'
        fromRules:
          type: array
          description: a set of rules for each inbound of this proxy
          items:
            $ref: '#/components/schemas/FromRule'
        warnings:
          type: array
          description: a set of warnings to show in policy matching
          example:
            - Mesh is not Mtls enabled this policy will have no effect
          items:
            type: string
    HttpMatch:
      type: object
      required:
        - hash
        - match
      properties:
        hash:
          type: string
        match:
          type: object
          x-go-type: interface{}
    MeshAccessLogItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshAccessLog
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshAccessLog resource.
          properties:
            from:
              description: >-
                From list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      clients referenced in

                      'targetRef'
                    properties:
                      backends:
                        items:
                          properties:
                            file:
                              description: >-
                                FileBackend defines configuration for file based
                                access logs
                              properties:
                                format:
                                  description: >-
                                    Format of access logs. Placeholders
                                    available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  properties:
                                    json:
                                      example:
                                        - key: start_time
                                          value: '%START_TIME%'
                                        - key: bytes_received
                                          value: '%BYTES_RECEIVED%'
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      type: array
                                    omitEmptyValues:
                                      default: false
                                      type: boolean
                                    plain:
                                      example: >-
                                        [%START_TIME%] %KUMA_MESH%
                                        %UPSTREAM_HOST%
                                      type: string
                                    type:
                                      enum:
                                        - Plain
                                        - Json
                                      type: string
                                  required:
                                    - type
                                  type: object
                                path:
                                  description: Path to a file that logs will be written to
                                  example: /tmp/access.log
                                  minLength: 1
                                  type: string
                              required:
                                - path
                              type: object
                            openTelemetry:
                              description: Defines an OpenTelemetry logging backend.
                              properties:
                                attributes:
                                  description: >-
                                    Attributes can contain placeholders
                                    available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  example:
                                    - key: mesh
                                      value: '%KUMA_MESH%'
                                  items:
                                    properties:
                                      key:
                                        type: string
                                      value:
                                        type: string
                                    type: object
                                  type: array
                                body:
                                  description: >-
                                    Body is a raw string or an OTLP any value as
                                    described at

                                    https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body

                                    It can contain placeholders available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  example:
                                    kvlistValue:
                                      values:
                                        - key: mesh
                                          value:
                                            stringValue: '%KUMA_MESH%'
                                  x-kubernetes-preserve-unknown-fields: true
                                endpoint:
                                  description: >-
                                    Endpoint of OpenTelemetry collector. An
                                    empty port defaults to 4317.
                                  example: otel-collector:4317
                                  minLength: 1
                                  type: string
                              required:
                                - endpoint
                              type: object
                            tcp:
                              description: TCPBackend defines a TCP logging backend.
                              properties:
                                address:
                                  description: Address of the TCP logging backend
                                  example: 127.0.0.1:5000
                                  minLength: 1
                                  type: string
                                format:
                                  description: >-
                                    Format of access logs. Placeholders
                                    available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  properties:
                                    json:
                                      example:
                                        - key: start_time
                                          value: '%START_TIME%'
                                        - key: bytes_received
                                          value: '%BYTES_RECEIVED%'
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      type: array
                                    omitEmptyValues:
                                      default: false
                                      type: boolean
                                    plain:
                                      example: >-
                                        [%START_TIME%] %KUMA_MESH%
                                        %UPSTREAM_HOST%
                                      type: string
                                    type:
                                      enum:
                                        - Plain
                                        - Json
                                      type: string
                                  required:
                                    - type
                                  type: object
                              required:
                                - address
                              type: object
                            type:
                              enum:
                                - Tcp
                                - File
                                - OpenTelemetry
                              type: string
                          required:
                            - type
                          type: object
                        type: array
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      clients.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined in-place.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      backends:
                        items:
                          properties:
                            file:
                              description: >-
                                FileBackend defines configuration for file based
                                access logs
                              properties:
                                format:
                                  description: >-
                                    Format of access logs. Placeholders
                                    available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  properties:
                                    json:
                                      example:
                                        - key: start_time
                                          value: '%START_TIME%'
                                        - key: bytes_received
                                          value: '%BYTES_RECEIVED%'
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      type: array
                                    omitEmptyValues:
                                      default: false
                                      type: boolean
                                    plain:
                                      example: >-
                                        [%START_TIME%] %KUMA_MESH%
                                        %UPSTREAM_HOST%
                                      type: string
                                    type:
                                      enum:
                                        - Plain
                                        - Json
                                      type: string
                                  required:
                                    - type
                                  type: object
                                path:
                                  description: Path to a file that logs will be written to
                                  example: /tmp/access.log
                                  minLength: 1
                                  type: string
                              required:
                                - path
                              type: object
                            openTelemetry:
                              description: Defines an OpenTelemetry logging backend.
                              properties:
                                attributes:
                                  description: >-
                                    Attributes can contain placeholders
                                    available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  example:
                                    - key: mesh
                                      value: '%KUMA_MESH%'
                                  items:
                                    properties:
                                      key:
                                        type: string
                                      value:
                                        type: string
                                    type: object
                                  type: array
                                body:
                                  description: >-
                                    Body is a raw string or an OTLP any value as
                                    described at

                                    https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body

                                    It can contain placeholders available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  example:
                                    kvlistValue:
                                      values:
                                        - key: mesh
                                          value:
                                            stringValue: '%KUMA_MESH%'
                                  x-kubernetes-preserve-unknown-fields: true
                                endpoint:
                                  description: >-
                                    Endpoint of OpenTelemetry collector. An
                                    empty port defaults to 4317.
                                  example: otel-collector:4317
                                  minLength: 1
                                  type: string
                              required:
                                - endpoint
                              type: object
                            tcp:
                              description: TCPBackend defines a TCP logging backend.
                              properties:
                                address:
                                  description: Address of the TCP logging backend
                                  example: 127.0.0.1:5000
                                  minLength: 1
                                  type: string
                                format:
                                  description: >-
                                    Format of access logs. Placeholders
                                    available on

                                    https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
                                  properties:
                                    json:
                                      example:
                                        - key: start_time
                                          value: '%START_TIME%'
                                        - key: bytes_received
                                          value: '%BYTES_RECEIVED%'
                                      items:
                                        properties:
                                          key:
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      type: array
                                    omitEmptyValues:
                                      default: false
                                      type: boolean
                                    plain:
                                      example: >-
                                        [%START_TIME%] %KUMA_MESH%
                                        %UPSTREAM_HOST%
                                      type: string
                                    type:
                                      enum:
                                        - Plain
                                        - Json
                                      type: string
                                  required:
                                    - type
                                  type: object
                              required:
                                - address
                              type: object
                            type:
                              enum:
                                - Tcp
                                - File
                                - OpenTelemetry
                              type: string
                          required:
                            - type
                          type: object
                        type: array
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshCircuitBreakerItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshCircuitBreaker
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshCircuitBreaker resource.
          properties:
            from:
              description: >-
                From list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations

                      referenced in 'targetRef'
                    properties:
                      connectionLimits:
                        description: >-
                          ConnectionLimits contains configuration of each
                          circuit breaking limit,

                          which when exceeded makes the circuit breaker to
                          become open (no traffic

                          is allowed like no current is allowed in the circuits
                          when physical

                          circuit breaker ir open)
                        properties:
                          maxConnectionPools:
                            description: >-
                              The maximum number of connection pools per cluster
                              that are concurrently

                              supported at once. Set this for clusters which
                              create a large number of

                              connection pools.
                            format: int32
                            type: integer
                          maxConnections:
                            description: >-
                              The maximum number of connections allowed to be
                              made to the upstream

                              cluster.
                            format: int32
                            type: integer
                          maxPendingRequests:
                            description: >-
                              The maximum number of pending requests that are
                              allowed to the upstream

                              cluster. This limit is applied as a connection
                              limit for non-HTTP

                              traffic.
                            format: int32
                            type: integer
                          maxRequests:
                            description: >-
                              The maximum number of parallel requests that are
                              allowed to be made

                              to the upstream cluster. This limit does not apply
                              to non-HTTP traffic.
                            format: int32
                            type: integer
                          maxRetries:
                            description: >-
                              The maximum number of parallel retries that will
                              be allowed to

                              the upstream cluster.
                            format: int32
                            type: integer
                        type: object
                      outlierDetection:
                        description: >-
                          OutlierDetection contains the configuration of the
                          process of dynamically

                          determining whether some number of hosts in an
                          upstream cluster are

                          performing unlike the others and removing them from
                          the healthy load

                          balancing set. Performance might be along different
                          axes such as

                          consecutive failures, temporal success rate, temporal
                          latency, etc.

                          Outlier detection is a form of passive health
                          checking.
                        properties:
                          baseEjectionTime:
                            description: >-
                              The base time that a host is ejected for. The real
                              time is equal to

                              the base time multiplied by the number of times
                              the host has been

                              ejected.
                            type: string
                          detectors:
                            description: >-
                              Contains configuration for supported outlier
                              detectors
                            properties:
                              failurePercentage:
                                description: >-
                                  Failure Percentage based outlier detection
                                  functions similarly to success

                                  rate detection, in that it relies on success
                                  rate data from each host in

                                  a cluster. However, rather than compare those
                                  values to the mean success

                                  rate of the cluster as a whole, they are
                                  compared to a flat

                                  user-configured threshold. This threshold is
                                  configured via the

                                  outlierDetection.failurePercentageThreshold
                                  field.

                                  The other configuration fields for failure
                                  percentage based detection are

                                  similar to the fields for success rate
                                  detection. As with success rate

                                  detection, detection will not be performed for
                                  a host if its request

                                  volume over the aggregation interval is less
                                  than the

                                  outlierDetection.detectors.failurePercentage.requestVolume
                                  value.

                                  Detection also will not be performed for a
                                  cluster if the number of hosts

                                  with the minimum required request volume in an
                                  interval is less than the

                                  outlierDetection.detectors.failurePercentage.minimumHosts
                                  value.
                                properties:
                                  minimumHosts:
                                    description: >-
                                      The minimum number of hosts in a cluster
                                      in order to perform failure

                                      percentage-based ejection. If the total
                                      number of hosts in the cluster is

                                      less than this value, failure
                                      percentage-based ejection will not be

                                      performed.
                                    format: int32
                                    type: integer
                                  requestVolume:
                                    description: >-
                                      The minimum number of total requests that
                                      must be collected in one

                                      interval (as defined by the interval
                                      duration above) to perform failure

                                      percentage-based ejection for this host.
                                      If the volume is lower than this

                                      setting, failure percentage-based ejection
                                      will not be performed for this

                                      host.
                                    format: int32
                                    type: integer
                                  threshold:
                                    description: >-
                                      The failure percentage to use when
                                      determining failure percentage-based

                                      outlier detection. If the failure
                                      percentage of a given host is greater

                                      than or equal to this value, it will be
                                      ejected.
                                    format: int32
                                    type: integer
                                type: object
                              gatewayFailures:
                                description: >-
                                  In the default mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is

                                  false) this detection type takes into account
                                  a subset of 5xx errors,

                                  called "gateway errors" (502, 503 or 504
                                  status code) and local origin

                                  failures, such as timeout, TCP reset etc.

                                  In split mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is true)

                                  this detection type takes into account a
                                  subset of 5xx errors, called

                                  "gateway errors" (502, 503 or 504 status code)
                                  and is supported only by

                                  the http router.
                                properties:
                                  consecutive:
                                    description: >-
                                      The number of consecutive gateway failures
                                      (502, 503, 504 status codes)

                                      before a consecutive gateway failure
                                      ejection occurs.
                                    format: int32
                                    type: integer
                                type: object
                              localOriginFailures:
                                description: >-
                                  This detection type is enabled only when

                                  outlierDetection.splitExternalLocalOriginErrors
                                  is true and takes into

                                  account only locally originated errors
                                  (timeout, reset, etc).

                                  If Envoy repeatedly cannot connect to an
                                  upstream host or communication

                                  with the upstream host is repeatedly
                                  interrupted, it will be ejected.

                                  Various locally originated problems are
                                  detected: timeout, TCP reset,

                                  ICMP errors, etc. This detection type is
                                  supported by http router and

                                  tcp proxy.
                                properties:
                                  consecutive:
                                    description: >-
                                      The number of consecutive locally
                                      originated failures before ejection

                                      occurs. Parameter takes effect only when
                                      splitExternalAndLocalErrors

                                      is set to true.
                                    format: int32
                                    type: integer
                                type: object
                              successRate:
                                description: >-
                                  Success Rate based outlier detection
                                  aggregates success rate data from

                                  every host in a cluster. Then at given
                                  intervals ejects hosts based on

                                  statistical outlier detection. Success Rate
                                  outlier detection will not be

                                  calculated for a host if its request volume
                                  over the aggregation interval

                                  is less than the
                                  outlierDetection.detectors.successRate.requestVolume

                                  value.

                                  Moreover, detection will not be performed for
                                  a cluster if the number of

                                  hosts with the minimum required request volume
                                  in an interval is less

                                  than the
                                  outlierDetection.detectors.successRate.minimumHosts
                                  value.

                                  In the default configuration mode

                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is false) this detection

                                  type takes into account all types of errors:
                                  locally and externally

                                  originated.

                                  In split mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is true),

                                  locally originated errors and externally
                                  originated (transaction) errors

                                  are counted and treated separately.
                                properties:
                                  minimumHosts:
                                    description: >-
                                      The number of hosts in a cluster that must
                                      have enough request volume to

                                      detect success rate outliers. If the
                                      number of hosts is less than this

                                      setting, outlier detection via success
                                      rate statistics is not performed

                                      for any host in the cluster.
                                    format: int32
                                    type: integer
                                  requestVolume:
                                    description: >-
                                      The minimum number of total requests that
                                      must be collected in one

                                      interval (as defined by the interval
                                      duration configured in

                                      outlierDetection section) to include this
                                      host in success rate based

                                      outlier detection. If the volume is lower
                                      than this setting, outlier

                                      detection via success rate statistics is
                                      not performed for that host.
                                    format: int32
                                    type: integer
                                  standardDeviationFactor:
                                    anyOf:
                                      - type: integer
                                      - type: string
                                    description: >-
                                      This factor is used to determine the
                                      ejection threshold for success rate

                                      outlier ejection. The ejection threshold
                                      is the difference between

                                      the mean success rate, and the product of
                                      this factor and the standard

                                      deviation of the mean success rate: mean -
                                      (standard_deviation *

                                      success_rate_standard_deviation_factor).

                                      Either int or decimal represented as
                                      string.
                                    x-kubernetes-int-or-string: true
                                type: object
                              totalFailures:
                                description: >-
                                  In the default mode
                                  (outlierDetection.splitExternalAndLocalErrors
                                  is

                                  false) this detection type takes into account
                                  all generated errors:

                                  locally originated and externally originated
                                  (transaction) errors.

                                  In split mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is true)

                                  this detection type takes into account only
                                  externally originated

                                  (transaction) errors, ignoring locally
                                  originated errors.

                                  If an upstream host is an HTTP-server, only
                                  5xx types of error are taken

                                  into account (see Consecutive Gateway Failure
                                  for exceptions).

                                  Properly formatted responses, even when they
                                  carry an operational error

                                  (like index not found, access denied) are not
                                  taken into account.
                                properties:
                                  consecutive:
                                    description: >-
                                      The number of consecutive server-side
                                      error responses (for HTTP traffic,

                                      5xx responses; for TCP traffic, connection
                                      failures; for Redis, failure

                                      to respond PONG; etc.) before a
                                      consecutive total failure ejection

                                      occurs.
                                    format: int32
                                    type: integer
                                type: object
                            type: object
                          disabled:
                            description: >-
                              When set to true, outlierDetection configuration
                              won't take any effect
                            type: boolean
                          interval:
                            description: >-
                              The time interval between ejection analysis
                              sweeps. This can result in

                              both new ejections and hosts being returned to
                              service.
                            type: string
                          maxEjectionPercent:
                            description: >-
                              The maximum % of an upstream cluster that can be
                              ejected due to outlier

                              detection. Defaults to 10% but will eject at least
                              one host regardless of

                              the value.
                            format: int32
                            type: integer
                          splitExternalAndLocalErrors:
                            description: >-
                              Determines whether to distinguish local origin
                              failures from external

                              errors. If set to true the following configuration
                              parameters are taken

                              into account:
                              detectors.localOriginFailures.consecutive
                            type: boolean
                        type: object
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined in place.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding

                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations

                      referenced in 'targetRef'
                    properties:
                      connectionLimits:
                        description: >-
                          ConnectionLimits contains configuration of each
                          circuit breaking limit,

                          which when exceeded makes the circuit breaker to
                          become open (no traffic

                          is allowed like no current is allowed in the circuits
                          when physical

                          circuit breaker ir open)
                        properties:
                          maxConnectionPools:
                            description: >-
                              The maximum number of connection pools per cluster
                              that are concurrently

                              supported at once. Set this for clusters which
                              create a large number of

                              connection pools.
                            format: int32
                            type: integer
                          maxConnections:
                            description: >-
                              The maximum number of connections allowed to be
                              made to the upstream

                              cluster.
                            format: int32
                            type: integer
                          maxPendingRequests:
                            description: >-
                              The maximum number of pending requests that are
                              allowed to the upstream

                              cluster. This limit is applied as a connection
                              limit for non-HTTP

                              traffic.
                            format: int32
                            type: integer
                          maxRequests:
                            description: >-
                              The maximum number of parallel requests that are
                              allowed to be made

                              to the upstream cluster. This limit does not apply
                              to non-HTTP traffic.
                            format: int32
                            type: integer
                          maxRetries:
                            description: >-
                              The maximum number of parallel retries that will
                              be allowed to

                              the upstream cluster.
                            format: int32
                            type: integer
                        type: object
                      outlierDetection:
                        description: >-
                          OutlierDetection contains the configuration of the
                          process of dynamically

                          determining whether some number of hosts in an
                          upstream cluster are

                          performing unlike the others and removing them from
                          the healthy load

                          balancing set. Performance might be along different
                          axes such as

                          consecutive failures, temporal success rate, temporal
                          latency, etc.

                          Outlier detection is a form of passive health
                          checking.
                        properties:
                          baseEjectionTime:
                            description: >-
                              The base time that a host is ejected for. The real
                              time is equal to

                              the base time multiplied by the number of times
                              the host has been

                              ejected.
                            type: string
                          detectors:
                            description: >-
                              Contains configuration for supported outlier
                              detectors
                            properties:
                              failurePercentage:
                                description: >-
                                  Failure Percentage based outlier detection
                                  functions similarly to success

                                  rate detection, in that it relies on success
                                  rate data from each host in

                                  a cluster. However, rather than compare those
                                  values to the mean success

                                  rate of the cluster as a whole, they are
                                  compared to a flat

                                  user-configured threshold. This threshold is
                                  configured via the

                                  outlierDetection.failurePercentageThreshold
                                  field.

                                  The other configuration fields for failure
                                  percentage based detection are

                                  similar to the fields for success rate
                                  detection. As with success rate

                                  detection, detection will not be performed for
                                  a host if its request

                                  volume over the aggregation interval is less
                                  than the

                                  outlierDetection.detectors.failurePercentage.requestVolume
                                  value.

                                  Detection also will not be performed for a
                                  cluster if the number of hosts

                                  with the minimum required request volume in an
                                  interval is less than the

                                  outlierDetection.detectors.failurePercentage.minimumHosts
                                  value.
                                properties:
                                  minimumHosts:
                                    description: >-
                                      The minimum number of hosts in a cluster
                                      in order to perform failure

                                      percentage-based ejection. If the total
                                      number of hosts in the cluster is

                                      less than this value, failure
                                      percentage-based ejection will not be

                                      performed.
                                    format: int32
                                    type: integer
                                  requestVolume:
                                    description: >-
                                      The minimum number of total requests that
                                      must be collected in one

                                      interval (as defined by the interval
                                      duration above) to perform failure

                                      percentage-based ejection for this host.
                                      If the volume is lower than this

                                      setting, failure percentage-based ejection
                                      will not be performed for this

                                      host.
                                    format: int32
                                    type: integer
                                  threshold:
                                    description: >-
                                      The failure percentage to use when
                                      determining failure percentage-based

                                      outlier detection. If the failure
                                      percentage of a given host is greater

                                      than or equal to this value, it will be
                                      ejected.
                                    format: int32
                                    type: integer
                                type: object
                              gatewayFailures:
                                description: >-
                                  In the default mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is

                                  false) this detection type takes into account
                                  a subset of 5xx errors,

                                  called "gateway errors" (502, 503 or 504
                                  status code) and local origin

                                  failures, such as timeout, TCP reset etc.

                                  In split mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is true)

                                  this detection type takes into account a
                                  subset of 5xx errors, called

                                  "gateway errors" (502, 503 or 504 status code)
                                  and is supported only by

                                  the http router.
                                properties:
                                  consecutive:
                                    description: >-
                                      The number of consecutive gateway failures
                                      (502, 503, 504 status codes)

                                      before a consecutive gateway failure
                                      ejection occurs.
                                    format: int32
                                    type: integer
                                type: object
                              localOriginFailures:
                                description: >-
                                  This detection type is enabled only when

                                  outlierDetection.splitExternalLocalOriginErrors
                                  is true and takes into

                                  account only locally originated errors
                                  (timeout, reset, etc).

                                  If Envoy repeatedly cannot connect to an
                                  upstream host or communication

                                  with the upstream host is repeatedly
                                  interrupted, it will be ejected.

                                  Various locally originated problems are
                                  detected: timeout, TCP reset,

                                  ICMP errors, etc. This detection type is
                                  supported by http router and

                                  tcp proxy.
                                properties:
                                  consecutive:
                                    description: >-
                                      The number of consecutive locally
                                      originated failures before ejection

                                      occurs. Parameter takes effect only when
                                      splitExternalAndLocalErrors

                                      is set to true.
                                    format: int32
                                    type: integer
                                type: object
                              successRate:
                                description: >-
                                  Success Rate based outlier detection
                                  aggregates success rate data from

                                  every host in a cluster. Then at given
                                  intervals ejects hosts based on

                                  statistical outlier detection. Success Rate
                                  outlier detection will not be

                                  calculated for a host if its request volume
                                  over the aggregation interval

                                  is less than the
                                  outlierDetection.detectors.successRate.requestVolume

                                  value.

                                  Moreover, detection will not be performed for
                                  a cluster if the number of

                                  hosts with the minimum required request volume
                                  in an interval is less

                                  than the
                                  outlierDetection.detectors.successRate.minimumHosts
                                  value.

                                  In the default configuration mode

                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is false) this detection

                                  type takes into account all types of errors:
                                  locally and externally

                                  originated.

                                  In split mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is true),

                                  locally originated errors and externally
                                  originated (transaction) errors

                                  are counted and treated separately.
                                properties:
                                  minimumHosts:
                                    description: >-
                                      The number of hosts in a cluster that must
                                      have enough request volume to

                                      detect success rate outliers. If the
                                      number of hosts is less than this

                                      setting, outlier detection via success
                                      rate statistics is not performed

                                      for any host in the cluster.
                                    format: int32
                                    type: integer
                                  requestVolume:
                                    description: >-
                                      The minimum number of total requests that
                                      must be collected in one

                                      interval (as defined by the interval
                                      duration configured in

                                      outlierDetection section) to include this
                                      host in success rate based

                                      outlier detection. If the volume is lower
                                      than this setting, outlier

                                      detection via success rate statistics is
                                      not performed for that host.
                                    format: int32
                                    type: integer
                                  standardDeviationFactor:
                                    anyOf:
                                      - type: integer
                                      - type: string
                                    description: >-
                                      This factor is used to determine the
                                      ejection threshold for success rate

                                      outlier ejection. The ejection threshold
                                      is the difference between

                                      the mean success rate, and the product of
                                      this factor and the standard

                                      deviation of the mean success rate: mean -
                                      (standard_deviation *

                                      success_rate_standard_deviation_factor).

                                      Either int or decimal represented as
                                      string.
                                    x-kubernetes-int-or-string: true
                                type: object
                              totalFailures:
                                description: >-
                                  In the default mode
                                  (outlierDetection.splitExternalAndLocalErrors
                                  is

                                  false) this detection type takes into account
                                  all generated errors:

                                  locally originated and externally originated
                                  (transaction) errors.

                                  In split mode
                                  (outlierDetection.splitExternalLocalOriginErrors
                                  is true)

                                  this detection type takes into account only
                                  externally originated

                                  (transaction) errors, ignoring locally
                                  originated errors.

                                  If an upstream host is an HTTP-server, only
                                  5xx types of error are taken

                                  into account (see Consecutive Gateway Failure
                                  for exceptions).

                                  Properly formatted responses, even when they
                                  carry an operational error

                                  (like index not found, access denied) are not
                                  taken into account.
                                properties:
                                  consecutive:
                                    description: >-
                                      The number of consecutive server-side
                                      error responses (for HTTP traffic,

                                      5xx responses; for TCP traffic, connection
                                      failures; for Redis, failure

                                      to respond PONG; etc.) before a
                                      consecutive total failure ejection

                                      occurs.
                                    format: int32
                                    type: integer
                                type: object
                            type: object
                          disabled:
                            description: >-
                              When set to true, outlierDetection configuration
                              won't take any effect
                            type: boolean
                          interval:
                            description: >-
                              The time interval between ejection analysis
                              sweeps. This can result in

                              both new ejections and hosts being returned to
                              service.
                            type: string
                          maxEjectionPercent:
                            description: >-
                              The maximum % of an upstream cluster that can be
                              ejected due to outlier

                              detection. Defaults to 10% but will eject at least
                              one host regardless of

                              the value.
                            format: int32
                            type: integer
                          splitExternalAndLocalErrors:
                            description: >-
                              Determines whether to distinguish local origin
                              failures from external

                              errors. If set to true the following configuration
                              parameters are taken

                              into account:
                              detectors.localOriginFailures.consecutive
                            type: boolean
                        type: object
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshFaultInjectionItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshFaultInjection
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshFaultInjection resource.
          properties:
            from:
              description: >-
                From list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      http:
                        description: >-
                          Http allows to define list of Http faults between
                          dataplanes.
                        items:
                          description: >-
                            FaultInjection defines the configuration of faults
                            between dataplanes.
                          properties:
                            abort:
                              description: >-
                                Abort defines a configuration of not delivering
                                requests to destination

                                service and replacing the responses from
                                destination dataplane by

                                predefined status code
                              properties:
                                httpStatus:
                                  description: >-
                                    HTTP status code which will be returned to
                                    source side
                                  format: int32
                                  type: integer
                                percentage:
                                  anyOf:
                                    - type: integer
                                    - type: string
                                  description: >-
                                    Percentage of requests on which abort will
                                    be injected, has to be

                                    either int or decimal represented as string.
                                  x-kubernetes-int-or-string: true
                              required:
                                - httpStatus
                                - percentage
                              type: object
                            delay:
                              description: >-
                                Delay defines configuration of delaying a
                                response from a destination
                              properties:
                                percentage:
                                  anyOf:
                                    - type: integer
                                    - type: string
                                  description: >-
                                    Percentage of requests on which delay will
                                    be injected, has to be

                                    either int or decimal represented as string.
                                  x-kubernetes-int-or-string: true
                                value:
                                  description: >-
                                    The duration during which the response will
                                    be delayed
                                  type: string
                              required:
                                - percentage
                                - value
                              type: object
                            responseBandwidth:
                              description: >-
                                ResponseBandwidth defines a configuration to
                                limit the speed of

                                responding to the requests
                              properties:
                                limit:
                                  description: >-
                                    Limit is represented by value measure in
                                    Gbps, Mbps, kbps, e.g.

                                    10kbps
                                  type: string
                                percentage:
                                  anyOf:
                                    - type: integer
                                    - type: string
                                  description: >-
                                    Percentage of requests on which response
                                    bandwidth limit will be

                                    either int or decimal represented as string.
                                  x-kubernetes-int-or-string: true
                              required:
                                - limit
                                - percentage
                              type: object
                          type: object
                        type: array
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      http:
                        description: >-
                          Http allows to define list of Http faults between
                          dataplanes.
                        items:
                          description: >-
                            FaultInjection defines the configuration of faults
                            between dataplanes.
                          properties:
                            abort:
                              description: >-
                                Abort defines a configuration of not delivering
                                requests to destination

                                service and replacing the responses from
                                destination dataplane by

                                predefined status code
                              properties:
                                httpStatus:
                                  description: >-
                                    HTTP status code which will be returned to
                                    source side
                                  format: int32
                                  type: integer
                                percentage:
                                  anyOf:
                                    - type: integer
                                    - type: string
                                  description: >-
                                    Percentage of requests on which abort will
                                    be injected, has to be

                                    either int or decimal represented as string.
                                  x-kubernetes-int-or-string: true
                              required:
                                - httpStatus
                                - percentage
                              type: object
                            delay:
                              description: >-
                                Delay defines configuration of delaying a
                                response from a destination
                              properties:
                                percentage:
                                  anyOf:
                                    - type: integer
                                    - type: string
                                  description: >-
                                    Percentage of requests on which delay will
                                    be injected, has to be

                                    either int or decimal represented as string.
                                  x-kubernetes-int-or-string: true
                                value:
                                  description: >-
                                    The duration during which the response will
                                    be delayed
                                  type: string
                              required:
                                - percentage
                                - value
                              type: object
                            responseBandwidth:
                              description: >-
                                ResponseBandwidth defines a configuration to
                                limit the speed of

                                responding to the requests
                              properties:
                                limit:
                                  description: >-
                                    Limit is represented by value measure in
                                    Gbps, Mbps, kbps, e.g.

                                    10kbps
                                  type: string
                                percentage:
                                  anyOf:
                                    - type: integer
                                    - type: string
                                  description: >-
                                    Percentage of requests on which response
                                    bandwidth limit will be

                                    either int or decimal represented as string.
                                  x-kubernetes-int-or-string: true
                              required:
                                - limit
                                - percentage
                              type: object
                          type: object
                        type: array
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshHealthCheckItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshHealthCheck
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshHealthCheck resource.
          properties:
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      alwaysLogHealthCheckFailures:
                        description: >-
                          If set to true, health check failure events will
                          always be logged. If set

                          to false, only the initial health check failure event
                          will be logged. The

                          default value is false.
                        type: boolean
                      eventLogPath:
                        description: >-
                          Specifies the path to the file where Envoy can log
                          health check events.

                          If empty, no event log will be written.
                        type: string
                      failTrafficOnPanic:
                        description: >-
                          If set to true, Envoy will not consider any hosts when
                          the cluster is in

                          'panic mode'. Instead, the cluster will fail all
                          requests as if all hosts

                          are unhealthy. This can help avoid potentially
                          overwhelming a failing

                          service.
                        type: boolean
                      grpc:
                        description: >-
                          GrpcHealthCheck defines gRPC configuration which will
                          instruct the service

                          the health check will be made for is a gRPC service.
                        properties:
                          authority:
                            description: >-
                              The value of the :authority header in the gRPC
                              health check request,

                              by default name of the cluster this health check
                              is associated with
                            type: string
                          disabled:
                            description: If true the GrpcHealthCheck is disabled
                            type: boolean
                          serviceName:
                            description: >-
                              Service name parameter which will be sent to gRPC
                              service
                            type: string
                        type: object
                      healthyPanicThreshold:
                        anyOf:
                          - type: integer
                          - type: string
                        description: >-
                          Allows to configure panic threshold for Envoy cluster.
                          If not specified,

                          the default is 50%. To disable panic mode, set to 0%.

                          Either int or decimal represented as string.
                        x-kubernetes-int-or-string: true
                      healthyThreshold:
                        default: 1
                        description: >-
                          Number of consecutive healthy checks before
                          considering a host healthy.
                        format: int32
                        type: integer
                      http:
                        description: >-
                          HttpHealthCheck defines HTTP configuration which will
                          instruct the service

                          the health check will be made for is an HTTP service.
                        properties:
                          disabled:
                            description: If true the HttpHealthCheck is disabled
                            type: boolean
                          expectedStatuses:
                            description: >-
                              List of HTTP response statuses which are
                              considered healthy
                            items:
                              format: int32
                              type: integer
                            type: array
                          path:
                            default: /
                            description: >-
                              The HTTP path which will be requested during the
                              health check

                              (ie. /health)
                            type: string
                          requestHeadersToAdd:
                            description: >-
                              The list of HTTP headers which should be added to
                              each health check

                              request
                            properties:
                              add:
                                items:
                                  properties:
                                    name:
                                      maxLength: 256
                                      minLength: 1
                                      pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                      type: string
                                    value:
                                      type: string
                                  required:
                                    - name
                                    - value
                                  type: object
                                maxItems: 16
                                type: array
                                x-kubernetes-list-map-keys:
                                  - name
                                x-kubernetes-list-type: map
                              set:
                                items:
                                  properties:
                                    name:
                                      maxLength: 256
                                      minLength: 1
                                      pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                      type: string
                                    value:
                                      type: string
                                  required:
                                    - name
                                    - value
                                  type: object
                                maxItems: 16
                                type: array
                                x-kubernetes-list-map-keys:
                                  - name
                                x-kubernetes-list-type: map
                            type: object
                        type: object
                      initialJitter:
                        description: >-
                          If specified, Envoy will start health checking after a
                          random time in

                          ms between 0 and initialJitter. This only applies to
                          the first health

                          check.
                        type: string
                      interval:
                        default: 1m
                        description: Interval between consecutive health checks.
                        type: string
                      intervalJitter:
                        description: >-
                          If specified, during every interval Envoy will add
                          IntervalJitter to the

                          wait time.
                        type: string
                      intervalJitterPercent:
                        description: >-
                          If specified, during every interval Envoy will add
                          IntervalJitter *

                          IntervalJitterPercent / 100 to the wait time. If
                          IntervalJitter and

                          IntervalJitterPercent are both set, both of them will
                          be used to

                          increase the wait time.
                        format: int32
                        type: integer
                      noTrafficInterval:
                        description: >-
                          The "no traffic interval" is a special health check
                          interval that is used

                          when a cluster has never had traffic routed to it.
                          This lower interval

                          allows cluster information to be kept up to date,
                          without sending a

                          potentially large amount of active health checking
                          traffic for no reason.

                          Once a cluster has been used for traffic routing,
                          Envoy will shift back

                          to using the standard health check interval that is
                          defined. Note that

                          this interval takes precedence over any other. The
                          default value for "no

                          traffic interval" is 60 seconds.
                        type: string
                      reuseConnection:
                        description: >-
                          Reuse health check connection between health checks.
                          Default is true.
                        type: boolean
                      tcp:
                        description: >-
                          TcpHealthCheck defines configuration for specifying
                          bytes to send and

                          expected response during the health check
                        properties:
                          disabled:
                            description: If true the TcpHealthCheck is disabled
                            type: boolean
                          receive:
                            description: >-
                              List of Base64 encoded blocks of strings expected
                              as a response. When checking the response,

                              "fuzzy" matching is performed such that each block
                              must be found, and

                              in the order specified, but not necessarily
                              contiguous.

                              If not provided or empty, checks will be performed
                              as "connect only" and be marked as successful when
                              TCP connection is successfully established.
                            items:
                              type: string
                            type: array
                          send:
                            description: >-
                              Base64 encoded content of the message which will
                              be sent during the health check to the target
                            type: string
                        type: object
                      timeout:
                        default: 15s
                        description: Maximum time to wait for a health check response.
                        type: string
                      unhealthyThreshold:
                        default: 5
                        description: >-
                          Number of consecutive unhealthy checks before
                          considering a host

                          unhealthy.
                        format: int32
                        type: integer
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshHTTPRouteItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshHTTPRoute
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshHTTPRoute resource.
          properties:
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To matches destination services of requests and holds
                configuration.
              items:
                properties:
                  hostnames:
                    description: >-
                      Hostnames is only valid when targeting MeshGateway and
                      limits the

                      effects of the rules to requests to this hostname.

                      Given hostnames must intersect with the hostname of the
                      listeners the

                      route attaches to.
                    items:
                      type: string
                    type: array
                  rules:
                    description: >-
                      Rules contains the routing rules applies to a combination
                      of top-level

                      targetRef and the targetRef in this entry.
                    items:
                      properties:
                        default:
                          description: >-
                            Default holds routing rules that can be merged with
                            rules from other

                            policies.
                          properties:
                            backendRefs:
                              items:
                                description: BackendRef defines where to forward traffic.
                                properties:
                                  kind:
                                    description: Kind of the referenced resource
                                    enum:
                                      - Mesh
                                      - MeshSubset
                                      - MeshGateway
                                      - MeshService
                                      - MeshServiceSubset
                                      - MeshHTTPRoute
                                    type: string
                                  mesh:
                                    description: >-
                                      Mesh is reserved for future use to
                                      identify cross mesh resources.
                                    type: string
                                  name:
                                    description: >-
                                      Name of the referenced resource. Can only
                                      be used with kinds: `MeshService`,

                                      `MeshServiceSubset` and `MeshGatewayRoute`
                                    type: string
                                  proxyTypes:
                                    description: >-
                                      ProxyTypes specifies the data plane types
                                      that are subject to the policy. When not
                                      specified,

                                      all data plane types are targeted by the
                                      policy.
                                    items:
                                      enum:
                                        - Sidecar
                                        - Gateway
                                      type: string
                                    minItems: 1
                                    type: array
                                  tags:
                                    additionalProperties:
                                      type: string
                                    description: >-
                                      Tags used to select a subset of proxies by
                                      tags. Can only be used with kinds

                                      `MeshSubset` and `MeshServiceSubset`
                                    type: object
                                  weight:
                                    default: 1
                                    minimum: 0
                                    type: integer
                                type: object
                              type: array
                            filters:
                              items:
                                properties:
                                  requestHeaderModifier:
                                    description: >-
                                      Only one action is supported per header
                                      name.

                                      Configuration to set or add multiple
                                      values for a header must use RFC 7230

                                      header value formatting, separating each
                                      value with a comma.
                                    properties:
                                      add:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                      remove:
                                        items:
                                          type: string
                                        maxItems: 16
                                        type: array
                                      set:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                    type: object
                                  requestMirror:
                                    properties:
                                      backendRef:
                                        description: >-
                                          TargetRef defines structure that allows
                                          attaching policy to various objects
                                        properties:
                                          kind:
                                            description: Kind of the referenced resource
                                            enum:
                                              - Mesh
                                              - MeshSubset
                                              - MeshGateway
                                              - MeshService
                                              - MeshServiceSubset
                                              - MeshHTTPRoute
                                            type: string
                                          mesh:
                                            description: >-
                                              Mesh is reserved for future use to
                                              identify cross mesh resources.
                                            type: string
                                          name:
                                            description: >-
                                              Name of the referenced resource. Can
                                              only be used with kinds: `MeshService`,

                                              `MeshServiceSubset` and
                                              `MeshGatewayRoute`
                                            type: string
                                          proxyTypes:
                                            description: >-
                                              ProxyTypes specifies the data plane
                                              types that are subject to the policy.
                                              When not specified,

                                              all data plane types are targeted by the
                                              policy.
                                            items:
                                              enum:
                                                - Sidecar
                                                - Gateway
                                              type: string
                                            minItems: 1
                                            type: array
                                          tags:
                                            additionalProperties:
                                              type: string
                                            description: >-
                                              Tags used to select a subset of proxies
                                              by tags. Can only be used with kinds

                                              `MeshSubset` and `MeshServiceSubset`
                                            type: object
                                        type: object
                                      percentage:
                                        anyOf:
                                          - type: integer
                                          - type: string
                                        description: >-
                                          Percentage of requests to mirror. If not
                                          specified, all requests

                                          to the target cluster will be mirrored.
                                        x-kubernetes-int-or-string: true
                                    required:
                                      - backendRef
                                    type: object
                                  requestRedirect:
                                    properties:
                                      hostname:
                                        description: >-
                                          PreciseHostname is the fully qualified
                                          domain name of a network host. This

                                          matches the RFC 1123 definition of a
                                          hostname with 1 notable exception that

                                          numeric IP addresses are not allowed.



                                          Note that as per RFC1035 and RFC1123, a
                                          *label* must consist of lower case

                                          alphanumeric characters or '-', and must
                                          start and end with an alphanumeric

                                          character. No other punctuation is
                                          allowed.
                                        maxLength: 253
                                        minLength: 1
                                        pattern: >-
                                          ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                        type: string
                                      path:
                                        description: >-
                                          Path defines parameters used to modify
                                          the path of the incoming request.

                                          The modified path is then used to
                                          construct the location header.

                                          When empty, the request path is used
                                          as-is.
                                        properties:
                                          replaceFullPath:
                                            type: string
                                          replacePrefixMatch:
                                            type: string
                                          type:
                                            enum:
                                              - ReplaceFullPath
                                              - ReplacePrefixMatch
                                            type: string
                                        required:
                                          - type
                                        type: object
                                      port:
                                        description: >-
                                          Port is the port to be used in the value
                                          of the `Location`

                                          header in the response.

                                          When empty, port (if specified) of the
                                          request is used.
                                        format: int32
                                        maximum: 65535
                                        minimum: 1
                                        type: integer
                                      scheme:
                                        enum:
                                          - http
                                          - https
                                        type: string
                                      statusCode:
                                        default: 302
                                        description: >-
                                          StatusCode is the HTTP status code to be
                                          used in response.
                                        enum:
                                          - 301
                                          - 302
                                          - 303
                                          - 307
                                          - 308
                                        type: integer
                                    type: object
                                  responseHeaderModifier:
                                    description: >-
                                      Only one action is supported per header
                                      name.

                                      Configuration to set or add multiple
                                      values for a header must use RFC 7230

                                      header value formatting, separating each
                                      value with a comma.
                                    properties:
                                      add:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                      remove:
                                        items:
                                          type: string
                                        maxItems: 16
                                        type: array
                                      set:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                    type: object
                                  type:
                                    enum:
                                      - RequestHeaderModifier
                                      - ResponseHeaderModifier
                                      - RequestRedirect
                                      - URLRewrite
                                      - RequestMirror
                                    type: string
                                  urlRewrite:
                                    properties:
                                      hostToBackendHostname:
                                        description: >-
                                          HostToBackendHostname rewrites the
                                          hostname to the hostname of the

                                          upstream host. This option is only
                                          available when targeting MeshGateways.
                                        type: boolean
                                      hostname:
                                        description: >-
                                          Hostname is the value to be used to
                                          replace the host header value during
                                          forwarding.
                                        maxLength: 253
                                        minLength: 1
                                        pattern: >-
                                          ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                        type: string
                                      path:
                                        description: Path defines a path rewrite.
                                        properties:
                                          replaceFullPath:
                                            type: string
                                          replacePrefixMatch:
                                            type: string
                                          type:
                                            enum:
                                              - ReplaceFullPath
                                              - ReplacePrefixMatch
                                            type: string
                                        required:
                                          - type
                                        type: object
                                    type: object
                                required:
                                  - type
                                type: object
                              type: array
                          type: object
                        matches:
                          description: >-
                            Matches describes how to match HTTP requests this
                            rule should be applied

                            to.
                          items:
                            properties:
                              headers:
                                items:
                                  description: >-
                                    HeaderMatch describes how to select an HTTP
                                    route by matching HTTP request

                                    headers.
                                  properties:
                                    name:
                                      description: >-
                                        Name is the name of the HTTP Header to
                                        be matched. Name MUST be lower case

                                        as they will be handled with case
                                        insensitivity (See
                                        https://tools.ietf.org/html/rfc7230#section-3.2).
                                      maxLength: 256
                                      minLength: 1
                                      pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                      type: string
                                    type:
                                      default: Exact
                                      description: >-
                                        Type specifies how to match against the
                                        value of the header.
                                      enum:
                                        - Exact
                                        - Present
                                        - RegularExpression
                                        - Absent
                                        - Prefix
                                      type: string
                                    value:
                                      description: >-
                                        Value is the value of HTTP Header to be
                                        matched.
                                      type: string
                                  required:
                                    - name
                                  type: object
                                type: array
                              method:
                                enum:
                                  - CONNECT
                                  - DELETE
                                  - GET
                                  - HEAD
                                  - OPTIONS
                                  - PATCH
                                  - POST
                                  - PUT
                                  - TRACE
                                type: string
                              path:
                                properties:
                                  type:
                                    enum:
                                      - Exact
                                      - PathPrefix
                                      - RegularExpression
                                    type: string
                                  value:
                                    description: >-
                                      Exact or prefix matches must be an
                                      absolute path. A prefix matches only

                                      if separated by a slash or the entire
                                      path.
                                    minLength: 1
                                    type: string
                                required:
                                  - type
                                  - value
                                type: object
                              queryParams:
                                description: >-
                                  QueryParams matches based on HTTP URL query
                                  parameters. Multiple matches

                                  are ANDed together such that all listed
                                  matches must succeed.
                                items:
                                  properties:
                                    name:
                                      minLength: 1
                                      type: string
                                    type:
                                      enum:
                                        - Exact
                                        - RegularExpression
                                      type: string
                                    value:
                                      type: string
                                  required:
                                    - name
                                    - type
                                    - value
                                  type: object
                                type: array
                            type: object
                          minItems: 1
                          type: array
                      required:
                        - default
                        - matches
                      type: object
                    type: array
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      request destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                type: object
              type: array
          type: object
    MeshLoadBalancingStrategyItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshLoadBalancingStrategy
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: >-
            Spec is the specification of the Kuma MeshLoadBalancingStrategy
            resource.
          properties:
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      loadBalancer:
                        description: >-
                          LoadBalancer allows to specify load balancing
                          algorithm.
                        properties:
                          leastRequest:
                            description: >-
                              LeastRequest selects N random available hosts as
                              specified in 'choiceCount' (2 by default)

                              and picks the host which has the fewest active
                              requests
                            properties:
                              activeRequestBias:
                                anyOf:
                                  - type: integer
                                  - type: string
                                description: >-
                                  ActiveRequestBias refers to dynamic weights
                                  applied when hosts have varying load

                                  balancing weights. A higher value here
                                  aggressively reduces the weight of endpoints

                                  that are currently handling active requests.
                                  In essence, the higher the ActiveRequestBias

                                  value, the more forcefully it reduces the load
                                  balancing weight of endpoints that are

                                  actively serving requests.
                                x-kubernetes-int-or-string: true
                              choiceCount:
                                description: >-
                                  ChoiceCount is the number of random healthy
                                  hosts from which the host with

                                  the fewest active requests will be chosen.
                                  Defaults to 2 so that Envoy performs

                                  two-choice selection if the field is not set.
                                format: int32
                                minimum: 2
                                type: integer
                            type: object
                          maglev:
                            description: >-
                              Maglev implements consistent hashing to upstream
                              hosts. Maglev can be used as

                              a drop in replacement for the ring hash load
                              balancer any place in which

                              consistent hashing is desired.
                            properties:
                              hashPolicies:
                                description: >-
                                  HashPolicies specify a list of
                                  request/connection properties that are used to
                                  calculate a hash.

                                  These hash policies are executed in the
                                  specified order. If a hash policy has the
                                  “terminal” attribute

                                  set to true, and there is already a hash
                                  generated, the hash is returned immediately,

                                  ignoring the rest of the hash policy list.
                                items:
                                  properties:
                                    connection:
                                      properties:
                                        sourceIP:
                                          description: Hash on source IP address.
                                          type: boolean
                                      type: object
                                    cookie:
                                      properties:
                                        name:
                                          description: >-
                                            The name of the cookie that will be used
                                            to obtain the hash key.
                                          minLength: 1
                                          type: string
                                        path:
                                          description: The name of the path for the cookie.
                                          type: string
                                        ttl:
                                          description: >-
                                            If specified, a cookie with the TTL will
                                            be generated if the cookie is not
                                            present.
                                          type: string
                                      required:
                                        - name
                                      type: object
                                    filterState:
                                      properties:
                                        key:
                                          description: >-
                                            The name of the Object in the
                                            per-request filterState, which is

                                            an Envoy::Hashable object. If there is
                                            no data associated with the key,

                                            or the stored object is not
                                            Envoy::Hashable, no hash will be
                                            produced.
                                          minLength: 1
                                          type: string
                                      required:
                                        - key
                                      type: object
                                    header:
                                      properties:
                                        name:
                                          description: >-
                                            The name of the request header that will
                                            be used to obtain the hash key.
                                          minLength: 1
                                          type: string
                                      required:
                                        - name
                                      type: object
                                    queryParameter:
                                      properties:
                                        name:
                                          description: >-
                                            The name of the URL query parameter that
                                            will be used to obtain the hash key.

                                            If the parameter is not present, no hash
                                            will be produced. Query parameter names

                                            are case-sensitive.
                                          minLength: 1
                                          type: string
                                      required:
                                        - name
                                      type: object
                                    terminal:
                                      description: >-
                                        Terminal is a flag that short-circuits
                                        the hash computing. This field provides

                                        a ‘fallback’ style of configuration: “if
                                        a terminal policy doesn’t work, fallback

                                        to rest of the policy list”, it saves
                                        time when the terminal policy works.

                                        If true, and there is already a hash
                                        computed, ignore rest of the list of
                                        hash polices.
                                      type: boolean
                                    type:
                                      enum:
                                        - Header
                                        - Cookie
                                        - SourceIP
                                        - QueryParameter
                                        - FilterState
                                      type: string
                                  required:
                                    - type
                                  type: object
                                type: array
                              tableSize:
                                description: >-
                                  The table size for Maglev hashing. Maglev aims
                                  for “minimal disruption”

                                  rather than an absolute guarantee. Minimal
                                  disruption means that when

                                  the set of upstream hosts change, a connection
                                  will likely be sent

                                  to the same upstream as it was before.
                                  Increasing the table size reduces

                                  the amount of disruption. The table size must
                                  be prime number limited to 5000011.

                                  If it is not specified, the default is 65537.
                                format: int32
                                maximum: 5000011
                                minimum: 1
                                type: integer
                            type: object
                          random:
                            description: >-
                              Random selects a random available host. The random
                              load balancer generally

                              performs better than round-robin if no health
                              checking policy is configured.

                              Random selection avoids bias towards the host in
                              the set that comes after a failed host.
                            type: object
                          ringHash:
                            description: >-
                              RingHash  implements consistent hashing to
                              upstream hosts. Each host is mapped

                              onto a circle (the “ring”) by hashing its address;
                              each request is then routed

                              to a host by hashing some property of the request,
                              and finding the nearest

                              corresponding host clockwise around the ring.
                            properties:
                              hashFunction:
                                description: >-
                                  HashFunction is a function used to hash hosts
                                  onto the ketama ring.

                                  The value defaults to XX_HASH. Available
                                  values – XX_HASH, MURMUR_HASH_2.
                                enum:
                                  - XXHash
                                  - MurmurHash2
                                type: string
                              hashPolicies:
                                description: >-
                                  HashPolicies specify a list of
                                  request/connection properties that are used to
                                  calculate a hash.

                                  These hash policies are executed in the
                                  specified order. If a hash policy has the
                                  “terminal” attribute

                                  set to true, and there is already a hash
                                  generated, the hash is returned immediately,

                                  ignoring the rest of the hash policy list.
                                items:
                                  properties:
                                    connection:
                                      properties:
                                        sourceIP:
                                          description: Hash on source IP address.
                                          type: boolean
                                      type: object
                                    cookie:
                                      properties:
                                        name:
                                          description: >-
                                            The name of the cookie that will be used
                                            to obtain the hash key.
                                          minLength: 1
                                          type: string
                                        path:
                                          description: The name of the path for the cookie.
                                          type: string
                                        ttl:
                                          description: >-
                                            If specified, a cookie with the TTL will
                                            be generated if the cookie is not
                                            present.
                                          type: string
                                      required:
                                        - name
                                      type: object
                                    filterState:
                                      properties:
                                        key:
                                          description: >-
                                            The name of the Object in the
                                            per-request filterState, which is

                                            an Envoy::Hashable object. If there is
                                            no data associated with the key,

                                            or the stored object is not
                                            Envoy::Hashable, no hash will be
                                            produced.
                                          minLength: 1
                                          type: string
                                      required:
                                        - key
                                      type: object
                                    header:
                                      properties:
                                        name:
                                          description: >-
                                            The name of the request header that will
                                            be used to obtain the hash key.
                                          minLength: 1
                                          type: string
                                      required:
                                        - name
                                      type: object
                                    queryParameter:
                                      properties:
                                        name:
                                          description: >-
                                            The name of the URL query parameter that
                                            will be used to obtain the hash key.

                                            If the parameter is not present, no hash
                                            will be produced. Query parameter names

                                            are case-sensitive.
                                          minLength: 1
                                          type: string
                                      required:
                                        - name
                                      type: object
                                    terminal:
                                      description: >-
                                        Terminal is a flag that short-circuits
                                        the hash computing. This field provides

                                        a ‘fallback’ style of configuration: “if
                                        a terminal policy doesn’t work, fallback

                                        to rest of the policy list”, it saves
                                        time when the terminal policy works.

                                        If true, and there is already a hash
                                        computed, ignore rest of the list of
                                        hash polices.
                                      type: boolean
                                    type:
                                      enum:
                                        - Header
                                        - Cookie
                                        - SourceIP
                                        - QueryParameter
                                        - FilterState
                                      type: string
                                  required:
                                    - type
                                  type: object
                                type: array
                              maxRingSize:
                                description: >-
                                  Maximum hash ring size. Defaults to 8M
                                  entries, and limited to 8M entries,

                                  but can be lowered to further constrain
                                  resource use.
                                format: int32
                                maximum: 8000000
                                minimum: 1
                                type: integer
                              minRingSize:
                                description: >-
                                  Minimum hash ring size. The larger the ring is
                                  (that is,

                                  the more hashes there are for each provided
                                  host) the better the request distribution

                                  will reflect the desired weights. Defaults to
                                  1024 entries, and limited to 8M entries.
                                format: int32
                                maximum: 8000000
                                minimum: 1
                                type: integer
                            type: object
                          roundRobin:
                            description: >-
                              RoundRobin is a load balancing algorithm that
                              distributes requests

                              across available upstream hosts in round-robin
                              order.
                            type: object
                          type:
                            enum:
                              - RoundRobin
                              - LeastRequest
                              - RingHash
                              - Random
                              - Maglev
                            type: string
                        required:
                          - type
                        type: object
                      localityAwareness:
                        description: >-
                          LocalityAwareness contains configuration for locality
                          aware load balancing.
                        properties:
                          crossZone:
                            description: >-
                              CrossZone defines locality aware load balancing
                              priorities when dataplane proxies inside local
                              zone

                              are unavailable
                            properties:
                              failover:
                                description: >-
                                  Failover defines list of load balancing rules
                                  in order of priority
                                items:
                                  properties:
                                    from:
                                      description: >-
                                        From defines the list of zones to which
                                        the rule applies
                                      properties:
                                        zones:
                                          items:
                                            type: string
                                          type: array
                                      required:
                                        - zones
                                      type: object
                                    to:
                                      description: >-
                                        To defines to which zones the traffic
                                        should be load balanced
                                      properties:
                                        type:
                                          description: >-
                                            Type defines how target zones will be
                                            picked from available zones
                                          enum:
                                            - None
                                            - Only
                                            - Any
                                            - AnyExcept
                                          type: string
                                        zones:
                                          items:
                                            type: string
                                          type: array
                                      required:
                                        - type
                                      type: object
                                  required:
                                    - to
                                  type: object
                                type: array
                              failoverThreshold:
                                description: >-
                                  FailoverThreshold defines the percentage of
                                  live destination dataplane proxies below which
                                  load balancing to the

                                  next priority starts.

                                  Example: If you configure failoverThreshold to
                                  70, and you have deployed 10 destination
                                  dataplane proxies.

                                  Load balancing to next priority will start
                                  when number of live destination dataplane
                                  proxies drops below 7.

                                  Default 50
                                properties:
                                  percentage:
                                    anyOf:
                                      - type: integer
                                      - type: string
                                    x-kubernetes-int-or-string: true
                                required:
                                  - percentage
                                type: object
                            type: object
                          disabled:
                            description: >-
                              Disabled allows to disable locality-aware load
                              balancing.

                              When disabled requests are distributed across all
                              endpoints regardless of locality.
                            type: boolean
                          localZone:
                            description: >-
                              LocalZone defines locality aware load balancing
                              priorities between dataplane proxies inside a zone
                            properties:
                              affinityTags:
                                description: >-
                                  AffinityTags list of tags for local zone load
                                  balancing.
                                items:
                                  properties:
                                    key:
                                      description: >-
                                        Key defines tag for which affinity is
                                        configured
                                      type: string
                                    weight:
                                      description: >-
                                        Weight of the tag used for load
                                        balancing. The bigger the weight the
                                        bigger the priority.

                                        Percentage of local traffic load
                                        balanced to tag is computed by dividing
                                        weight by sum of weights from all tags.

                                        For example with two affinity tags first
                                        with weight 80 and second with weight
                                        20,

                                        then 80% of traffic will be redirected
                                        to the first tag, and 20% of traffic
                                        will be redirected to second one.

                                        Setting weights is not mandatory. When
                                        weights are not set control plane will
                                        compute default weight based on list
                                        order.

                                        Default: If you do not specify weight we
                                        will adjust them so that 90% traffic
                                        goes to first tag, 9% to next, and 1% to
                                        third and so on.
                                      format: int32
                                      type: integer
                                  required:
                                    - key
                                  type: object
                                type: array
                            type: object
                        type: object
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshMetricItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshMetric
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshMetric resource.
          properties:
            default:
              description: MeshMetric configuration.
              properties:
                applications:
                  description: >-
                    Applications is a list of application that Dataplane Proxy
                    will scrape
                  items:
                    properties:
                      address:
                        description: Address on which an application listens.
                        type: string
                      name:
                        description: Name of the application to scrape
                        type: string
                      path:
                        default: /metrics/prometheus
                        description: >-
                          Path on which an application expose HTTP endpoint with
                          metrics.
                        type: string
                      port:
                        description: >-
                          Port on which an application expose HTTP endpoint with
                          metrics.
                        format: int32
                        type: integer
                    required:
                      - port
                    type: object
                  type: array
                backends:
                  description: Backends list that will be used to collect metrics.
                  items:
                    properties:
                      openTelemetry:
                        description: OpenTelemetry backend configuration
                        properties:
                          endpoint:
                            description: Endpoint for OpenTelemetry collector
                            type: string
                        required:
                          - endpoint
                        type: object
                      prometheus:
                        description: Prometheus backend configuration.
                        properties:
                          clientId:
                            description: >-
                              ClientId of the Prometheus backend. Needed when
                              using MADS for DP discovery.
                            type: string
                          path:
                            default: /metrics
                            description: >-
                              Path on which a dataplane should expose HTTP
                              endpoint with Prometheus metrics.
                            type: string
                          port:
                            default: 5670
                            description: >-
                              Port on which a dataplane should expose HTTP
                              endpoint with Prometheus metrics.
                            format: int32
                            type: integer
                          tls:
                            description: Configuration of TLS for prometheus listener.
                            properties:
                              mode:
                                default: Disabled
                                description: Configuration of TLS for Prometheus listener.
                                enum:
                                  - Disabled
                                  - ProvidedTLS
                                  - ActiveMTLSBackend
                                type: string
                            required:
                              - mode
                            type: object
                        required:
                          - path
                          - port
                        type: object
                      type:
                        description: >-
                          Type of the backend that will be used to collect
                          metrics. At the moment only Prometheus backend is
                          available.
                        enum:
                          - Prometheus
                          - OpenTelemetry
                        type: string
                    required:
                      - type
                    type: object
                  type: array
                sidecar:
                  description: Sidecar metrics collection configuration
                  properties:
                    includeUnused:
                      default: false
                      description: >-
                        IncludeUnused if false will scrape only metrics that has
                        been by sidecar (counters incremented

                        at least once, gauges changed at least once, and
                        histograms added to at

                        least once). If true will scrape all metrics (even the
                        ones with zeros).
                      type: boolean
                    regex:
                      description: >-
                        Regex that will be used to filter sidecar metrics. It
                        uses Google RE2 engine https://github.com/google/re2
                      type: string
                  type: object
              type: object
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined in-place.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
          required:
            - targetRef
          type: object
    MeshProxyPatchItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshProxyPatch
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshProxyPatch resource.
          properties:
            default:
              description: |-
                Default is a configuration specific to the group of destinations
                referenced in 'targetRef'.
              properties:
                appendModifications:
                  description: >-
                    AppendModifications is a list of modifications applied on
                    the selected proxy.
                  items:
                    properties:
                      cluster:
                        description: Cluster is a modification of Envoy's Cluster resource.
                        properties:
                          jsonPatches:
                            description: >-
                              JsonPatches specifies list of jsonpatches to apply
                              to on Envoy's Cluster

                              resource
                            items:
                              description: >-
                                JsonPatchBlock is one json patch operation
                                block.
                              properties:
                                from:
                                  description: >-
                                    From is a jsonpatch from string, used by
                                    move and copy operations.
                                  type: string
                                op:
                                  description: Op is a jsonpatch operation string.
                                  enum:
                                    - add
                                    - remove
                                    - replace
                                    - move
                                    - copy
                                  type: string
                                path:
                                  description: Path is a jsonpatch path string.
                                  type: string
                                value:
                                  description: >-
                                    Value must be a valid json value used by
                                    replace and add operations.
                                  x-kubernetes-preserve-unknown-fields: true
                              required:
                                - op
                                - path
                              type: object
                            type: array
                          match:
                            description: >-
                              Match is a set of conditions that have to be
                              matched for modification operation to happen.
                            properties:
                              name:
                                description: Name of the cluster to match.
                                type: string
                              origin:
                                description: >-
                                  Origin is the name of the component or plugin
                                  that generated the resource.



                                  Here is the list of well-known origins:

                                  inbound - resources generated for handling
                                  incoming traffic.

                                  outbound - resources generated for handling
                                  outgoing traffic.

                                  transparent - resources generated for
                                  transparent proxy functionality.

                                  prometheus - resources generated when
                                  Prometheus metrics are enabled.

                                  direct-access - resources generated for Direct
                                  Access functionality.

                                  ingress - resources generated for Zone
                                  Ingress.

                                  egress - resources generated for Zone Egress.

                                  gateway - resources generated for MeshGateway.



                                  The list is not complete, because policy
                                  plugins can introduce new resources.

                                  For example MeshTrace plugin can create
                                  Cluster with "mesh-trace" origin.
                                type: string
                            type: object
                          operation:
                            description: Operation to execute on matched cluster.
                            enum:
                              - Add
                              - Remove
                              - Patch
                            type: string
                          value:
                            description: >-
                              Value of xDS resource in YAML format to add or
                              patch.
                            type: string
                        required:
                          - operation
                        type: object
                      httpFilter:
                        description: >-
                          HTTPFilter is a modification of Envoy HTTP Filter

                          available in HTTP Connection Manager in a Listener
                          resource.
                        properties:
                          jsonPatches:
                            description: >-
                              JsonPatches specifies list of jsonpatches to apply
                              to on Envoy's

                              HTTP Filter available in HTTP Connection Manager
                              in a Listener resource.
                            items:
                              description: >-
                                JsonPatchBlock is one json patch operation
                                block.
                              properties:
                                from:
                                  description: >-
                                    From is a jsonpatch from string, used by
                                    move and copy operations.
                                  type: string
                                op:
                                  description: Op is a jsonpatch operation string.
                                  enum:
                                    - add
                                    - remove
                                    - replace
                                    - move
                                    - copy
                                  type: string
                                path:
                                  description: Path is a jsonpatch path string.
                                  type: string
                                value:
                                  description: >-
                                    Value must be a valid json value used by
                                    replace and add operations.
                                  x-kubernetes-preserve-unknown-fields: true
                              required:
                                - op
                                - path
                              type: object
                            type: array
                          match:
                            description: >-
                              Match is a set of conditions that have to be
                              matched for modification operation to happen.
                            properties:
                              listenerName:
                                description: Name of the listener to match.
                                type: string
                              listenerTags:
                                additionalProperties:
                                  type: string
                                description: >-
                                  Listener tags available in
                                  Listener#Metadata#FilterMetadata[io.kuma.tags]
                                type: object
                              name:
                                description: >-
                                  Name of the HTTP filter. For example
                                  "envoy.filters.http.local_ratelimit"
                                type: string
                              origin:
                                description: >-
                                  Origin is the name of the component or plugin
                                  that generated the resource.



                                  Here is the list of well-known origins:

                                  inbound - resources generated for handling
                                  incoming traffic.

                                  outbound - resources generated for handling
                                  outgoing traffic.

                                  transparent - resources generated for
                                  transparent proxy functionality.

                                  prometheus - resources generated when
                                  Prometheus metrics are enabled.

                                  direct-access - resources generated for Direct
                                  Access functionality.

                                  ingress - resources generated for Zone
                                  Ingress.

                                  egress - resources generated for Zone Egress.

                                  gateway - resources generated for MeshGateway.



                                  The list is not complete, because policy
                                  plugins can introduce new resources.

                                  For example MeshTrace plugin can create
                                  Cluster with "mesh-trace" origin.
                                type: string
                            type: object
                          operation:
                            description: Operation to execute on matched listener.
                            enum:
                              - Remove
                              - Patch
                              - AddFirst
                              - AddBefore
                              - AddAfter
                              - AddLast
                            type: string
                          value:
                            description: >-
                              Value of xDS resource in YAML format to add or
                              patch.
                            type: string
                        required:
                          - operation
                        type: object
                      listener:
                        description: >-
                          Listener is a modification of Envoy's Listener
                          resource.
                        properties:
                          jsonPatches:
                            description: >-
                              JsonPatches specifies list of jsonpatches to apply
                              to on Envoy's Listener

                              resource
                            items:
                              description: >-
                                JsonPatchBlock is one json patch operation
                                block.
                              properties:
                                from:
                                  description: >-
                                    From is a jsonpatch from string, used by
                                    move and copy operations.
                                  type: string
                                op:
                                  description: Op is a jsonpatch operation string.
                                  enum:
                                    - add
                                    - remove
                                    - replace
                                    - move
                                    - copy
                                  type: string
                                path:
                                  description: Path is a jsonpatch path string.
                                  type: string
                                value:
                                  description: >-
                                    Value must be a valid json value used by
                                    replace and add operations.
                                  x-kubernetes-preserve-unknown-fields: true
                              required:
                                - op
                                - path
                              type: object
                            type: array
                          match:
                            description: >-
                              Match is a set of conditions that have to be
                              matched for modification operation to happen.
                            properties:
                              name:
                                description: Name of the listener to match.
                                type: string
                              origin:
                                description: >-
                                  Origin is the name of the component or plugin
                                  that generated the resource.



                                  Here is the list of well-known origins:

                                  inbound - resources generated for handling
                                  incoming traffic.

                                  outbound - resources generated for handling
                                  outgoing traffic.

                                  transparent - resources generated for
                                  transparent proxy functionality.

                                  prometheus - resources generated when
                                  Prometheus metrics are enabled.

                                  direct-access - resources generated for Direct
                                  Access functionality.

                                  ingress - resources generated for Zone
                                  Ingress.

                                  egress - resources generated for Zone Egress.

                                  gateway - resources generated for MeshGateway.



                                  The list is not complete, because policy
                                  plugins can introduce new resources.

                                  For example MeshTrace plugin can create
                                  Cluster with "mesh-trace" origin.
                                type: string
                              tags:
                                additionalProperties:
                                  type: string
                                description: >-
                                  Tags available in
                                  Listener#Metadata#FilterMetadata[io.kuma.tags]
                                type: object
                            type: object
                          operation:
                            description: Operation to execute on matched listener.
                            enum:
                              - Add
                              - Remove
                              - Patch
                            type: string
                          value:
                            description: >-
                              Value of xDS resource in YAML format to add or
                              patch.
                            type: string
                        required:
                          - operation
                        type: object
                      networkFilter:
                        description: >-
                          NetworkFilter is a modification of Envoy Listener's
                          filter.
                        properties:
                          jsonPatches:
                            description: >-
                              JsonPatches specifies list of jsonpatches to apply
                              to on Envoy Listener's

                              filter.
                            items:
                              description: >-
                                JsonPatchBlock is one json patch operation
                                block.
                              properties:
                                from:
                                  description: >-
                                    From is a jsonpatch from string, used by
                                    move and copy operations.
                                  type: string
                                op:
                                  description: Op is a jsonpatch operation string.
                                  enum:
                                    - add
                                    - remove
                                    - replace
                                    - move
                                    - copy
                                  type: string
                                path:
                                  description: Path is a jsonpatch path string.
                                  type: string
                                value:
                                  description: >-
                                    Value must be a valid json value used by
                                    replace and add operations.
                                  x-kubernetes-preserve-unknown-fields: true
                              required:
                                - op
                                - path
                              type: object
                            type: array
                          match:
                            description: >-
                              Match is a set of conditions that have to be
                              matched for modification operation to happen.
                            properties:
                              listenerName:
                                description: Name of the listener to match.
                                type: string
                              listenerTags:
                                additionalProperties:
                                  type: string
                                description: >-
                                  Listener tags available in
                                  Listener#Metadata#FilterMetadata[io.kuma.tags]
                                type: object
                              name:
                                description: >-
                                  Name of the network filter. For example
                                  "envoy.filters.network.ratelimit"
                                type: string
                              origin:
                                description: >-
                                  Origin is the name of the component or plugin
                                  that generated the resource.



                                  Here is the list of well-known origins:

                                  inbound - resources generated for handling
                                  incoming traffic.

                                  outbound - resources generated for handling
                                  outgoing traffic.

                                  transparent - resources generated for
                                  transparent proxy functionality.

                                  prometheus - resources generated when
                                  Prometheus metrics are enabled.

                                  direct-access - resources generated for Direct
                                  Access functionality.

                                  ingress - resources generated for Zone
                                  Ingress.

                                  egress - resources generated for Zone Egress.

                                  gateway - resources generated for MeshGateway.



                                  The list is not complete, because policy
                                  plugins can introduce new resources.

                                  For example MeshTrace plugin can create
                                  Cluster with "mesh-trace" origin.
                                type: string
                            type: object
                          operation:
                            description: Operation to execute on matched listener.
                            enum:
                              - Remove
                              - Patch
                              - AddFirst
                              - AddBefore
                              - AddAfter
                              - AddLast
                            type: string
                          value:
                            description: >-
                              Value of xDS resource in YAML format to add or
                              patch.
                            type: string
                        required:
                          - operation
                        type: object
                      virtualHost:
                        description: >-
                          VirtualHost is a modification of Envoy's VirtualHost

                          referenced in HTTP Connection Manager in a Listener
                          resource.
                        properties:
                          jsonPatches:
                            description: >-
                              JsonPatches specifies list of jsonpatches to apply
                              to on Envoy's

                              VirtualHost resource
                            items:
                              description: >-
                                JsonPatchBlock is one json patch operation
                                block.
                              properties:
                                from:
                                  description: >-
                                    From is a jsonpatch from string, used by
                                    move and copy operations.
                                  type: string
                                op:
                                  description: Op is a jsonpatch operation string.
                                  enum:
                                    - add
                                    - remove
                                    - replace
                                    - move
                                    - copy
                                  type: string
                                path:
                                  description: Path is a jsonpatch path string.
                                  type: string
                                value:
                                  description: >-
                                    Value must be a valid json value used by
                                    replace and add operations.
                                  x-kubernetes-preserve-unknown-fields: true
                              required:
                                - op
                                - path
                              type: object
                            type: array
                          match:
                            description: >-
                              Match is a set of conditions that have to be
                              matched for modification operation to happen.
                            properties:
                              name:
                                description: Name of the VirtualHost to match.
                                type: string
                              origin:
                                description: >-
                                  Origin is the name of the component or plugin
                                  that generated the resource.



                                  Here is the list of well-known origins:

                                  inbound - resources generated for handling
                                  incoming traffic.

                                  outbound - resources generated for handling
                                  outgoing traffic.

                                  transparent - resources generated for
                                  transparent proxy functionality.

                                  prometheus - resources generated when
                                  Prometheus metrics are enabled.

                                  direct-access - resources generated for Direct
                                  Access functionality.

                                  ingress - resources generated for Zone
                                  Ingress.

                                  egress - resources generated for Zone Egress.

                                  gateway - resources generated for MeshGateway.



                                  The list is not complete, because policy
                                  plugins can introduce new resources.

                                  For example MeshTrace plugin can create
                                  Cluster with "mesh-trace" origin.
                                type: string
                              routeConfigurationName:
                                description: >-
                                  Name of the RouteConfiguration resource to
                                  match.
                                type: string
                            type: object
                          operation:
                            description: Operation to execute on matched listener.
                            enum:
                              - Add
                              - Remove
                              - Patch
                            type: string
                          value:
                            description: >-
                              Value of xDS resource in YAML format to add or
                              patch.
                            type: string
                        required:
                          - match
                          - operation
                        type: object
                    type: object
                  type: array
              required:
                - appendModifications
              type: object
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
          required:
            - default
            - targetRef
          type: object
    MeshRateLimitItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshRateLimit
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshRateLimit resource.
          properties:
            from:
              description: >-
                From list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      clients referenced in

                      'targetRef'
                    properties:
                      local:
                        description: >-
                          LocalConf defines local http or/and tcp rate limit
                          configuration
                        properties:
                          http:
                            description: >-
                              LocalHTTP defines confguration of local HTTP rate
                              limiting

                              https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter
                            properties:
                              disabled:
                                description: Define if rate limiting should be disabled.
                                type: boolean
                              onRateLimit:
                                description: >-
                                  Describes the actions to take on a rate limit
                                  event
                                properties:
                                  headers:
                                    description: >-
                                      The Headers to be added to the HTTP
                                      response on a rate limit event
                                    properties:
                                      add:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                      set:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                    type: object
                                  status:
                                    description: >-
                                      The HTTP status code to be set on a rate
                                      limit event
                                    format: int32
                                    type: integer
                                type: object
                              requestRate:
                                description: >-
                                  Defines how many requests are allowed per
                                  interval.
                                properties:
                                  interval:
                                    description: >-
                                      The interval the number of units is
                                      accounted for.
                                    type: string
                                  num:
                                    description: >-
                                      Number of units per interval (depending on
                                      usage it can be a number of requests,

                                      or a number of connections).
                                    format: int32
                                    type: integer
                                required:
                                  - interval
                                  - num
                                type: object
                            type: object
                          tcp:
                            description: >-
                              LocalTCP defines confguration of local TCP rate
                              limiting

                              https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter
                            properties:
                              connectionRate:
                                description: >-
                                  Defines how many connections are allowed per
                                  interval.
                                properties:
                                  interval:
                                    description: >-
                                      The interval the number of units is
                                      accounted for.
                                    type: string
                                  num:
                                    description: >-
                                      Number of units per interval (depending on
                                      usage it can be a number of requests,

                                      or a number of connections).
                                    format: int32
                                    type: integer
                                required:
                                  - interval
                                  - num
                                type: object
                              disabled:
                                description: |-
                                  Define if rate limiting should be disabled.
                                  Default: false
                                type: boolean
                            type: object
                        type: object
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      clients.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      clients referenced in

                      'targetRef'
                    properties:
                      local:
                        description: >-
                          LocalConf defines local http or/and tcp rate limit
                          configuration
                        properties:
                          http:
                            description: >-
                              LocalHTTP defines confguration of local HTTP rate
                              limiting

                              https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter
                            properties:
                              disabled:
                                description: Define if rate limiting should be disabled.
                                type: boolean
                              onRateLimit:
                                description: >-
                                  Describes the actions to take on a rate limit
                                  event
                                properties:
                                  headers:
                                    description: >-
                                      The Headers to be added to the HTTP
                                      response on a rate limit event
                                    properties:
                                      add:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                      set:
                                        items:
                                          properties:
                                            name:
                                              maxLength: 256
                                              minLength: 1
                                              pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                              type: string
                                            value:
                                              type: string
                                          required:
                                            - name
                                            - value
                                          type: object
                                        maxItems: 16
                                        type: array
                                        x-kubernetes-list-map-keys:
                                          - name
                                        x-kubernetes-list-type: map
                                    type: object
                                  status:
                                    description: >-
                                      The HTTP status code to be set on a rate
                                      limit event
                                    format: int32
                                    type: integer
                                type: object
                              requestRate:
                                description: >-
                                  Defines how many requests are allowed per
                                  interval.
                                properties:
                                  interval:
                                    description: >-
                                      The interval the number of units is
                                      accounted for.
                                    type: string
                                  num:
                                    description: >-
                                      Number of units per interval (depending on
                                      usage it can be a number of requests,

                                      or a number of connections).
                                    format: int32
                                    type: integer
                                required:
                                  - interval
                                  - num
                                type: object
                            type: object
                          tcp:
                            description: >-
                              LocalTCP defines confguration of local TCP rate
                              limiting

                              https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter
                            properties:
                              connectionRate:
                                description: >-
                                  Defines how many connections are allowed per
                                  interval.
                                properties:
                                  interval:
                                    description: >-
                                      The interval the number of units is
                                      accounted for.
                                    type: string
                                  num:
                                    description: >-
                                      Number of units per interval (depending on
                                      usage it can be a number of requests,

                                      or a number of connections).
                                    format: int32
                                    type: integer
                                required:
                                  - interval
                                  - num
                                type: object
                              disabled:
                                description: |-
                                  Define if rate limiting should be disabled.
                                  Default: false
                                type: boolean
                            type: object
                        type: object
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      clients.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshRetryItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshRetry
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshRetry resource.
          properties:
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      grpc:
                        description: >-
                          GRPC defines a configuration of retries for GRPC
                          traffic
                        properties:
                          backOff:
                            description: >-
                              BackOff is a configuration of durations which will
                              be used in an exponential

                              backoff strategy between retries.
                            properties:
                              baseInterval:
                                default: 25ms
                                description: >-
                                  BaseInterval is an amount of time which should
                                  be taken between retries.

                                  Must be greater than zero. Values less than 1
                                  ms are rounded up to 1 ms.
                                type: string
                              maxInterval:
                                description: >-
                                  MaxInterval is a maximal amount of time which
                                  will be taken between retries.

                                  Default is 10 times the "BaseInterval".
                                type: string
                            type: object
                          numRetries:
                            description: >-
                              NumRetries is the number of attempts that will be
                              made on failed (and

                              retriable) requests. If not set, the default value
                              is 1.
                            format: int32
                            type: integer
                          perTryTimeout:
                            description: >-
                              PerTryTimeout is the maximum amount of time each
                              retry attempt can take

                              before it times out. If not set, the global
                              request timeout for the route

                              will be used. Setting this value to 0 will disable
                              the per-try timeout.
                            type: string
                          rateLimitedBackOff:
                            description: >-
                              RateLimitedBackOff is a configuration of backoff
                              which will be used when

                              the upstream returns one of the headers
                              configured.
                            properties:
                              maxInterval:
                                default: 300s
                                description: >-
                                  MaxInterval is a maximal amount of time which
                                  will be taken between retries.
                                type: string
                              resetHeaders:
                                description: >-
                                  ResetHeaders specifies the list of headers
                                  (like Retry-After or X-RateLimit-Reset)

                                  to match against the response. Headers are
                                  tried in order, and matched

                                  case-insensitive. The first header to be
                                  parsed successfully is used.

                                  If no headers match the default exponential
                                  BackOff is used instead.
                                items:
                                  properties:
                                    format:
                                      description: The format of the reset header.
                                      enum:
                                        - Seconds
                                        - UnixTimestamp
                                      type: string
                                    name:
                                      description: The Name of the reset header.
                                      maxLength: 256
                                      minLength: 1
                                      pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                      type: string
                                  required:
                                    - format
                                    - name
                                  type: object
                                type: array
                            type: object
                          retryOn:
                            description: >-
                              RetryOn is a list of conditions which will cause a
                              retry.
                            example:
                              - Canceled
                              - DeadlineExceeded
                              - Internal
                              - ResourceExhausted
                              - Unavailable
                            items:
                              enum:
                                - Canceled
                                - DeadlineExceeded
                                - Internal
                                - ResourceExhausted
                                - Unavailable
                              type: string
                            type: array
                        type: object
                      http:
                        description: >-
                          HTTP defines a configuration of retries for HTTP
                          traffic
                        properties:
                          backOff:
                            description: >-
                              BackOff is a configuration of durations which will
                              be used in exponential

                              backoff strategy between retries.
                            properties:
                              baseInterval:
                                default: 25ms
                                description: >-
                                  BaseInterval is an amount of time which should
                                  be taken between retries.

                                  Must be greater than zero. Values less than 1
                                  ms are rounded up to 1 ms.
                                type: string
                              maxInterval:
                                description: >-
                                  MaxInterval is a maximal amount of time which
                                  will be taken between retries.

                                  Default is 10 times the "BaseInterval".
                                type: string
                            type: object
                          hostSelection:
                            description: >-
                              HostSelection is a list of predicates that dictate
                              how hosts should be selected

                              when requests are retried.
                            items:
                              properties:
                                predicate:
                                  description: Type is requested predicate mode.
                                  enum:
                                    - OmitPreviousHosts
                                    - OmitHostsWithTags
                                    - OmitPreviousPriorities
                                  type: string
                                tags:
                                  additionalProperties:
                                    type: string
                                  description: >-
                                    Tags is a map of metadata to match against
                                    for selecting the omitted hosts. Required if
                                    Type is

                                    OmitHostsWithTags
                                  type: object
                                updateFrequency:
                                  default: 2
                                  description: >-
                                    UpdateFrequency is how often the priority
                                    load should be updated based on previously
                                    attempted priorities.

                                    Used for OmitPreviousPriorities.
                                  format: int32
                                  type: integer
                              required:
                                - predicate
                              type: object
                            type: array
                          hostSelectionMaxAttempts:
                            description: >-
                              HostSelectionMaxAttempts is the maximum number of
                              times host selection will be

                              reattempted before giving up, at which point the
                              host that was last selected will

                              be routed to. If unspecified, this will default to
                              retrying once.
                            format: int64
                            type: integer
                          numRetries:
                            description: >-
                              NumRetries is the number of attempts that will be
                              made on failed (and

                              retriable) requests.  If not set, the default
                              value is 1.
                            format: int32
                            type: integer
                          perTryTimeout:
                            description: >-
                              PerTryTimeout is the amount of time after which
                              retry attempt should time out.

                              If left unspecified, the global route timeout for
                              the request will be used.

                              Consequently, when using a 5xx based retry policy,
                              a request that times out

                              will not be retried as the total timeout budget
                              would have been exhausted.

                              Setting this timeout to 0 will disable it.
                            type: string
                          rateLimitedBackOff:
                            description: >-
                              RateLimitedBackOff is a configuration of backoff
                              which will be used

                              when the upstream returns one of the headers
                              configured.
                            properties:
                              maxInterval:
                                default: 300s
                                description: >-
                                  MaxInterval is a maximal amount of time which
                                  will be taken between retries.
                                type: string
                              resetHeaders:
                                description: >-
                                  ResetHeaders specifies the list of headers
                                  (like Retry-After or X-RateLimit-Reset)

                                  to match against the response. Headers are
                                  tried in order, and matched

                                  case-insensitive. The first header to be
                                  parsed successfully is used.

                                  If no headers match the default exponential
                                  BackOff is used instead.
                                items:
                                  properties:
                                    format:
                                      description: The format of the reset header.
                                      enum:
                                        - Seconds
                                        - UnixTimestamp
                                      type: string
                                    name:
                                      description: The Name of the reset header.
                                      maxLength: 256
                                      minLength: 1
                                      pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                      type: string
                                  required:
                                    - format
                                    - name
                                  type: object
                                type: array
                            type: object
                          retriableRequestHeaders:
                            description: >-
                              RetriableRequestHeaders is an HTTP headers which
                              must be present in the request

                              for retries to be attempted.
                            items:
                              description: >-
                                HeaderMatch describes how to select an HTTP
                                route by matching HTTP request

                                headers.
                              properties:
                                name:
                                  description: >-
                                    Name is the name of the HTTP Header to be
                                    matched. Name MUST be lower case

                                    as they will be handled with case
                                    insensitivity (See
                                    https://tools.ietf.org/html/rfc7230#section-3.2).
                                  maxLength: 256
                                  minLength: 1
                                  pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                  type: string
                                type:
                                  default: Exact
                                  description: >-
                                    Type specifies how to match against the
                                    value of the header.
                                  enum:
                                    - Exact
                                    - Present
                                    - RegularExpression
                                    - Absent
                                    - Prefix
                                  type: string
                                value:
                                  description: >-
                                    Value is the value of HTTP Header to be
                                    matched.
                                  type: string
                              required:
                                - name
                              type: object
                            type: array
                          retriableResponseHeaders:
                            description: >-
                              RetriableResponseHeaders is an HTTP response
                              headers that trigger a retry

                              if present in the response. A retry will be
                              triggered if any of the header

                              matches the upstream response headers.
                            items:
                              description: >-
                                HeaderMatch describes how to select an HTTP
                                route by matching HTTP request

                                headers.
                              properties:
                                name:
                                  description: >-
                                    Name is the name of the HTTP Header to be
                                    matched. Name MUST be lower case

                                    as they will be handled with case
                                    insensitivity (See
                                    https://tools.ietf.org/html/rfc7230#section-3.2).
                                  maxLength: 256
                                  minLength: 1
                                  pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                  type: string
                                type:
                                  default: Exact
                                  description: >-
                                    Type specifies how to match against the
                                    value of the header.
                                  enum:
                                    - Exact
                                    - Present
                                    - RegularExpression
                                    - Absent
                                    - Prefix
                                  type: string
                                value:
                                  description: >-
                                    Value is the value of HTTP Header to be
                                    matched.
                                  type: string
                              required:
                                - name
                              type: object
                            type: array
                          retryOn:
                            description: >-
                              RetryOn is a list of conditions which will cause a
                              retry. Available values are:

                              [5XX, GatewayError, Reset, Retriable4xx,
                              ConnectFailure, EnvoyRatelimited,

                              RefusedStream, Http3PostConnectFailure,
                              HttpMethodConnect, HttpMethodDelete,

                              HttpMethodGet, HttpMethodHead, HttpMethodOptions,
                              HttpMethodPatch,

                              HttpMethodPost, HttpMethodPut, HttpMethodTrace].

                              Also, any HTTP status code (500, 503, etc.).
                            example:
                              - 5XX
                              - GatewayError
                              - Reset
                              - Retriable4xx
                              - ConnectFailure
                              - EnvoyRatelimited
                              - RefusedStream
                              - Http3PostConnectFailure
                              - HttpMethodConnect
                              - HttpMethodDelete
                              - HttpMethodGet
                              - HttpMethodHead
                              - HttpMethodOptions
                              - HttpMethodPatch
                              - HttpMethodPost
                              - HttpMethodPut
                              - HttpMethodTrace
                              - '500'
                              - '503'
                            items:
                              type: string
                            type: array
                        type: object
                      tcp:
                        description: TCP defines a configuration of retries for TCP traffic
                        properties:
                          maxConnectAttempt:
                            description: >-
                              MaxConnectAttempt is a maximal amount of TCP
                              connection attempts

                              which will be made before giving up
                            format: int32
                            type: integer
                        type: object
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshTCPRouteItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshTCPRoute
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshTCPRoute resource.
          properties:
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined in-place.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding

                configurations
              items:
                properties:
                  rules:
                    description: >-
                      Rules contains the routing rules applies to a combination
                      of top-level

                      targetRef and the targetRef in this entry.
                    items:
                      properties:
                        default:
                          description: >-
                            Default holds routing rules that can be merged with
                            rules from other

                            policies.
                          properties:
                            backendRefs:
                              items:
                                description: BackendRef defines where to forward traffic.
                                properties:
                                  kind:
                                    description: Kind of the referenced resource
                                    enum:
                                      - Mesh
                                      - MeshSubset
                                      - MeshGateway
                                      - MeshService
                                      - MeshServiceSubset
                                      - MeshHTTPRoute
                                    type: string
                                  mesh:
                                    description: >-
                                      Mesh is reserved for future use to
                                      identify cross mesh resources.
                                    type: string
                                  name:
                                    description: >-
                                      Name of the referenced resource. Can only
                                      be used with kinds: `MeshService`,

                                      `MeshServiceSubset` and `MeshGatewayRoute`
                                    type: string
                                  proxyTypes:
                                    description: >-
                                      ProxyTypes specifies the data plane types
                                      that are subject to the policy. When not
                                      specified,

                                      all data plane types are targeted by the
                                      policy.
                                    items:
                                      enum:
                                        - Sidecar
                                        - Gateway
                                      type: string
                                    minItems: 1
                                    type: array
                                  tags:
                                    additionalProperties:
                                      type: string
                                    description: >-
                                      Tags used to select a subset of proxies by
                                      tags. Can only be used with kinds

                                      `MeshSubset` and `MeshServiceSubset`
                                    type: object
                                  weight:
                                    default: 1
                                    minimum: 0
                                    type: integer
                                type: object
                              minItems: 1
                              type: array
                          required:
                            - backendRefs
                          type: object
                      required:
                        - default
                      type: object
                    maxItems: 1
                    type: array
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              minItems: 1
              type: array
          required:
            - targetRef
          type: object
    MeshTimeoutItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshTimeout
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshTimeout resource.
          properties:
            from:
              description: >-
                From list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      clients referenced in

                      'targetRef'
                    properties:
                      connectionTimeout:
                        description: >-
                          ConnectionTimeout specifies the amount of time proxy
                          will wait for an TCP connection to be established.

                          Default value is 5 seconds. Cannot be set to 0.
                        type: string
                      http:
                        description: Http provides configuration for HTTP specific timeouts
                        properties:
                          maxConnectionDuration:
                            description: >-
                              MaxConnectionDuration is the time after which a
                              connection will be drained and/or closed,

                              starting from when it was first established.
                              Setting this timeout to 0 will disable it.

                              Disabled by default.
                            type: string
                          maxStreamDuration:
                            description: >-
                              MaxStreamDuration is the maximum time that a
                              stream’s lifetime will span.

                              Setting this timeout to 0 will disable it.
                              Disabled by default.
                            type: string
                          requestHeadersTimeout:
                            description: >-
                              RequestHeadersTimeout The amount of time that
                              proxy will wait for the request headers to be
                              received. The timer is

                              activated when the first byte of the headers is
                              received, and is disarmed when the last byte of

                              the headers has been received. If not specified or
                              set to 0, this timeout is disabled.

                              Disabled by default.
                            type: string
                          requestTimeout:
                            description: >-
                              RequestTimeout The amount of time that proxy will
                              wait for the entire request to be received.

                              The timer is activated when the request is
                              initiated, and is disarmed when the last byte of
                              the request is sent,

                              OR when the response is initiated. Setting this
                              timeout to 0 will disable it.

                              Default is 15s.
                            type: string
                          streamIdleTimeout:
                            description: >-
                              StreamIdleTimeout is the amount of time that proxy
                              will allow a stream to exist with no activity.

                              Setting this timeout to 0 will disable it. Default
                              is 30m
                            type: string
                        type: object
                      idleTimeout:
                        description: >-
                          IdleTimeout is defined as the period in which there
                          are no bytes sent or received on connection

                          Setting this timeout to 0 will disable it. Be cautious
                          when disabling it because

                          it can lead to connection leaking. Default value is
                          1h.
                        type: string
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      clients.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
            to:
              description: >-
                To list makes a match between the consumed services and
                corresponding configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      destinations referenced in

                      'targetRef'
                    properties:
                      connectionTimeout:
                        description: >-
                          ConnectionTimeout specifies the amount of time proxy
                          will wait for an TCP connection to be established.

                          Default value is 5 seconds. Cannot be set to 0.
                        type: string
                      http:
                        description: Http provides configuration for HTTP specific timeouts
                        properties:
                          maxConnectionDuration:
                            description: >-
                              MaxConnectionDuration is the time after which a
                              connection will be drained and/or closed,

                              starting from when it was first established.
                              Setting this timeout to 0 will disable it.

                              Disabled by default.
                            type: string
                          maxStreamDuration:
                            description: >-
                              MaxStreamDuration is the maximum time that a
                              stream’s lifetime will span.

                              Setting this timeout to 0 will disable it.
                              Disabled by default.
                            type: string
                          requestHeadersTimeout:
                            description: >-
                              RequestHeadersTimeout The amount of time that
                              proxy will wait for the request headers to be
                              received. The timer is

                              activated when the first byte of the headers is
                              received, and is disarmed when the last byte of

                              the headers has been received. If not specified or
                              set to 0, this timeout is disabled.

                              Disabled by default.
                            type: string
                          requestTimeout:
                            description: >-
                              RequestTimeout The amount of time that proxy will
                              wait for the entire request to be received.

                              The timer is activated when the request is
                              initiated, and is disarmed when the last byte of
                              the request is sent,

                              OR when the response is initiated. Setting this
                              timeout to 0 will disable it.

                              Default is 15s.
                            type: string
                          streamIdleTimeout:
                            description: >-
                              StreamIdleTimeout is the amount of time that proxy
                              will allow a stream to exist with no activity.

                              Setting this timeout to 0 will disable it. Default
                              is 30m
                            type: string
                        type: object
                      idleTimeout:
                        description: >-
                          IdleTimeout is defined as the period in which there
                          are no bytes sent or received on connection

                          Setting this timeout to 0 will disable it. Be cautious
                          when disabling it because

                          it can lead to connection leaking. Default value is
                          1h.
                        type: string
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      destinations.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
          required:
            - targetRef
          type: object
    MeshTraceItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshTrace
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: Spec is the specification of the Kuma MeshTrace resource.
          properties:
            default:
              description: MeshTrace configuration.
              properties:
                backends:
                  description: >-
                    A one element array of backend definition.

                    Envoy allows configuring only 1 backend, so the natural way
                    of

                    representing that would be just one object. Unfortunately
                    due to the

                    reasons explained in MADR 009-tracing-policy this has to be
                    a one element

                    array for now.
                  items:
                    description: Only one of zipkin, datadog or openTelemetry can be used.
                    properties:
                      datadog:
                        description: Datadog backend configuration.
                        properties:
                          splitService:
                            default: false
                            description: >-
                              Determines if datadog service name should be split
                              based on traffic

                              direction and destination. For example, with
                              `splitService: true` and a

                              `backend` service that communicates with a couple
                              of databases, you would

                              get service names like `backend_INBOUND`,
                              `backend_OUTBOUND_db1`, and

                              `backend_OUTBOUND_db2` in Datadog.
                            type: boolean
                          url:
                            description: >-
                              Address of Datadog collector, only host and port
                              are allowed (no paths,

                              fragments etc.)
                            type: string
                        required:
                          - url
                        type: object
                      openTelemetry:
                        description: OpenTelemetry backend configuration.
                        properties:
                          endpoint:
                            description: Address of OpenTelemetry collector.
                            example: otel-collector:4317
                            minLength: 1
                            type: string
                        required:
                          - endpoint
                        type: object
                      type:
                        enum:
                          - Zipkin
                          - Datadog
                          - OpenTelemetry
                        type: string
                      zipkin:
                        description: Zipkin backend configuration.
                        properties:
                          apiVersion:
                            default: httpJson
                            description: >-
                              Version of the API.

                              https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66
                            enum:
                              - httpJson
                              - httpProto
                            type: string
                          sharedSpanContext:
                            default: true
                            description: >-
                              Determines whether client and server spans will
                              share the same span

                              context.

                              https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63
                            type: boolean
                          traceId128bit:
                            default: false
                            description: Generate 128bit traces.
                            type: boolean
                          url:
                            description: Address of Zipkin collector.
                            type: string
                        required:
                          - url
                        type: object
                    required:
                      - type
                    type: object
                  maxItems: 1
                  type: array
                sampling:
                  description: >-
                    Sampling configuration.

                    Sampling is the process by which a decision is made on
                    whether to

                    process/export a span or not.
                  properties:
                    client:
                      anyOf:
                        - type: integer
                        - type: string
                      default: 100%
                      description: >-
                        Target percentage of requests that will be force traced
                        if the

                        'x-client-trace-id' header is set. Mirror of
                        client_sampling in Envoy

                        https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133

                        Either int or decimal represented as string.
                      x-kubernetes-int-or-string: true
                    overall:
                      anyOf:
                        - type: integer
                        - type: string
                      default: 100%
                      description: >-
                        Target percentage of requests will be traced

                        after all other sampling checks have been applied
                        (client, force tracing,

                        random sampling). This field functions as an upper limit
                        on the total

                        configured sampling rate. For instance, setting
                        client_sampling to 100%

                        but overall_sampling to 1% will result in only 1% of
                        client requests with

                        the appropriate headers to be force traced. Mirror of

                        overall_sampling in Envoy

                        https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150

                        Either int or decimal represented as string.
                      x-kubernetes-int-or-string: true
                    random:
                      anyOf:
                        - type: integer
                        - type: string
                      default: 100%
                      description: >-
                        Target percentage of requests that will be randomly
                        selected for trace

                        generation, if not requested by the client or not
                        forced.

                        Mirror of random_sampling in Envoy

                        https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140

                        Either int or decimal represented as string.
                      x-kubernetes-int-or-string: true
                  type: object
                tags:
                  description: >-
                    Custom tags configuration. You can add custom tags to traces
                    based on

                    headers or literal values.
                  items:
                    description: |-
                      Custom tags configuration.
                      Only one of literal or header can be used.
                    properties:
                      header:
                        description: Tag taken from a header.
                        properties:
                          default:
                            description: >-
                              Default value to use if header is missing.

                              If the default is missing and there is no value
                              the tag will not be

                              included.
                            type: string
                          name:
                            description: Name of the header.
                            type: string
                        required:
                          - name
                        type: object
                      literal:
                        description: Tag taken from literal value.
                        type: string
                      name:
                        description: Name of the tag.
                        type: string
                    required:
                      - name
                    type: object
                  type: array
              type: object
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
          required:
            - targetRef
          type: object
    MeshTrafficPermissionItem:
      type: object
      properties:
        type:
          description: the type of the resource
          type: string
          enum:
            - MeshTrafficPermission
        mesh:
          description: >-
            Mesh is the name of the Kuma mesh this resource belongs to. It may
            be omitted for cluster-scoped resources.
          type: string
          default: default
        name:
          description: Name of the Kuma resource
          type: string
        spec:
          description: >-
            Spec is the specification of the Kuma MeshTrafficPermission
            resource.
          properties:
            from:
              description: >-
                From list makes a match between clients and corresponding
                configurations
              items:
                properties:
                  default:
                    description: >-
                      Default is a configuration specific to the group of
                      clients referenced in

                      'targetRef'
                    properties:
                      action:
                        description: >-
                          Action defines a behavior for the specified group of
                          clients:
                        enum:
                          - Allow
                          - Deny
                          - AllowWithShadowDeny
                        type: string
                    type: object
                  targetRef:
                    description: >-
                      TargetRef is a reference to the resource that represents a
                      group of

                      clients.
                    properties:
                      kind:
                        description: Kind of the referenced resource
                        enum:
                          - Mesh
                          - MeshSubset
                          - MeshGateway
                          - MeshService
                          - MeshServiceSubset
                          - MeshHTTPRoute
                        type: string
                      mesh:
                        description: >-
                          Mesh is reserved for future use to identify cross mesh
                          resources.
                        type: string
                      name:
                        description: >-
                          Name of the referenced resource. Can only be used with
                          kinds: `MeshService`,

                          `MeshServiceSubset` and `MeshGatewayRoute`
                        type: string
                      proxyTypes:
                        description: >-
                          ProxyTypes specifies the data plane types that are
                          subject to the policy. When not specified,

                          all data plane types are targeted by the policy.
                        items:
                          enum:
                            - Sidecar
                            - Gateway
                          type: string
                        minItems: 1
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: >-
                          Tags used to select a subset of proxies by tags. Can
                          only be used with kinds

                          `MeshSubset` and `MeshServiceSubset`
                        type: object
                    type: object
                required:
                  - targetRef
                type: object
              type: array
            targetRef:
              description: >-
                TargetRef is a reference to the resource the policy takes an
                effect on.

                The resource could be either a real store object or virtual
                resource

                defined inplace.
              properties:
                kind:
                  description: Kind of the referenced resource
                  enum:
                    - Mesh
                    - MeshSubset
                    - MeshGateway
                    - MeshService
                    - MeshServiceSubset
                    - MeshHTTPRoute
                  type: string
                mesh:
                  description: >-
                    Mesh is reserved for future use to identify cross mesh
                    resources.
                  type: string
                name:
                  description: >-
                    Name of the referenced resource. Can only be used with
                    kinds: `MeshService`,

                    `MeshServiceSubset` and `MeshGatewayRoute`
                  type: string
                proxyTypes:
                  description: >-
                    ProxyTypes specifies the data plane types that are subject
                    to the policy. When not specified,

                    all data plane types are targeted by the policy.
                  items:
                    enum:
                      - Sidecar
                      - Gateway
                    type: string
                  minItems: 1
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: >-
                    Tags used to select a subset of proxies by tags. Can only be
                    used with kinds

                    `MeshSubset` and `MeshServiceSubset`
                  type: object
              type: object
          required:
            - targetRef
          type: object
  responses:
    ResourceTypeDescriptionListResponse:
      description: A response containing a list of all resources installed in Kuma
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ResourceTypeDescriptionList'
    GlobalInsightResponse:
      description: A response containing global insight.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/GlobalInsight'
          examples:
            Single control plane response:
              $ref: '#/components/examples/GlobalInsightExample'
    InspectDataplanesForPolicyResponse:
      description: A response containing dataplanes that match a policy.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InspectDataplanesForPolicy'
          examples:
            ResponseForDataplane:
              $ref: '#/components/examples/InspectDataplanesForPolicyExample'
    InspectRulesResponse:
      description: A response containing policies that match a resource
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InspectRules'
    BadRequest:
      description: Bad Request
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalServerError:
      description: Internal Server Error
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error'
    MeshAccessLogItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshAccessLogItem'
    MeshAccessLogList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshAccessLogItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshCircuitBreakerItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshCircuitBreakerItem'
    MeshCircuitBreakerList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshCircuitBreakerItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshFaultInjectionItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshFaultInjectionItem'
    MeshFaultInjectionList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshFaultInjectionItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshHealthCheckItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshHealthCheckItem'
    MeshHealthCheckList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshHealthCheckItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshHTTPRouteItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshHTTPRouteItem'
    MeshHTTPRouteList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshHTTPRouteItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshLoadBalancingStrategyItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshLoadBalancingStrategyItem'
    MeshLoadBalancingStrategyList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshLoadBalancingStrategyItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshMetricItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshMetricItem'
    MeshMetricList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshMetricItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshProxyPatchItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshProxyPatchItem'
    MeshProxyPatchList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshProxyPatchItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshRateLimitItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshRateLimitItem'
    MeshRateLimitList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshRateLimitItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshRetryItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshRetryItem'
    MeshRetryList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshRetryItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshTCPRouteItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshTCPRouteItem'
    MeshTCPRouteList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshTCPRouteItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshTimeoutItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshTimeoutItem'
    MeshTimeoutList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshTimeoutItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshTraceItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshTraceItem'
    MeshTraceList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshTraceItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshTrafficPermissionItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshTrafficPermissionItem'
    MeshTrafficPermissionList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshTrafficPermissionItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
  examples:
    GlobalInsightExample:
      value:
        services:
          total: 5
          internal: 4
          external: 1
          gatewayBuiltin: 1
          gatewayProvided: 2
          internalByStatus:
            online: 2
            offline: 1
            partiallyDegraded: 1
        zones:
          controlPlanes:
            online: 1
            total: 1
          zoneEgresses:
            online: 1
            total: 1
          zoneIngresses:
            online: 1
            total: 1
          dataplanes:
            online: 23
            offline: 10
            partiallyDegraded: 17
            total: 50
          policies:
            total: 100
          meshes:
            total: 3
    InspectDataplanesForPolicyExample:
      value:
        total: 100
        next: >-
          http://localhost:5681/meshes/default/meshretries/_resources/dataplanes?offset=100
        items:
          - type: Dataplane
            mesh: default
            name: dp-1
          - type: Dataplane
            mesh: default
            name: dp-2

